Nir Duan

Reputation: 6392

Install User Certificate Via ADB

Is there a way to install a CA certificate (.crt file) under the Security -> Trusted Credential -> User tab via ADB, or any other "scriptable" way?

Upvotes: 27

Views: 60962

Answers (8)

a.t.

Reputation: 2838

This only launches the "do you want to trust this certificate" window on a non-rooted Android. It is the answer by @hogarth45 except with a line that ensures you have permission to paste your certificate into the /data/local/.. directory:

certificateName=ca.crt
ca_dir_in_phone="/data/local/tmp/try3"
ca_path_in_phone="$ca_dir_in_phone/$certificateName"

adb shell mkdir -m 700 "$ca_dir_in_phone"
adb push "$certificateName" "$ca_path_in_phone"

adb shell am start -n com.android.certinstaller/.CertInstallerMain -a android.intent.action.VIEW -t application/x-x509-ca-cert -d file://"$ca_path_in_phone"


For completeness, here is a hacky WIP Python project that also automates clicking "OK" in a controlled fashion using uiautomator. (It verifies it is the OK button before clicking; it does not just send a blind enter, like the send keyevent 20 command.) Disclaimer: I am involved with that project.

Upvotes: 1

Nioooooo

Reputation: 488

As this is the first post that comes up for "install CA CERT adb oculus / meta quest 2", I'll add my 2 cents here to help the next one:

On the Meta Quest 2 VR headset, you can install a CA cert by using ADB to open the Android settings (not the Oculus settings app, the real Android settings app!).

Your device must have Developer Mode activated. Simply type:

./adb shell am start -n com.android.settings/.Settings\$NetworkDashboardActivity

From there, scroll down to "Security -> Encryption & Credentials -> Install Certificate"

Enjoy :)

Upvotes: 1

Incepter

Reputation: 2958

I figured out a way to do this, and thus I was able to trust the Charles Proxy certificate. It will be added as a trusted SSL root certificate.

First you need to get the certificate hash

openssl x509 -inform PEM -subject_hash_old -in charles-proxy-ssl-proxying-certificate.pem | head -1>hashedCertFile

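I use Windows; store it in a variable in order to automate the process:

set /p certHash=<hashedCertFile

REM Quote the assignment so no trailing space ends up in the name, then delete the temp file
set "certHash=%certHash%.0" && DEL hashedCertFile
cat charles-proxy-ssl-proxying-certificate.pem > %certHash%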

openssl x509 -inform PEM -text -in charles-proxy-ssl-proxying-certificate.pem -out nul >> %certHash%

adb shell mount -o rw,remount,rw /system

adb push %certHash% /system/etc/security/cacerts/

adb shell mount -o ro,remount,ro /system

adb reboot

This is the Unix version copied from this answer:

PEM_FILE_NAME=logger-charles-cert.pem
# Old-style (MD5-based) subject hash; the first output line is the hash
hash=$(openssl x509 -inform PEM -subject_hash_old -in "$PEM_FILE_NAME" | head -n 1)
OUT_FILE_NAME="$hash.0"

cp "$PEM_FILE_NAME" "$OUT_FILE_NAME"
openssl x509 -inform PEM -text -in "$PEM_FILE_NAME" -out /dev/null >> "$OUT_FILE_NAME"

echo "Saved to $OUT_FILE_NAME"
# Remount /system read-write, push the cert, remount read-only, reboot
adb shell mount -o rw,remount,rw /system
adb push "$OUT_FILE_NAME" /system/etc/security/cacerts/
adb shell mount -o ro,remount,ro /system
adb reboot

Upvotes: 24

hogarth45

Reputation: 3677

Push file to device

adb push "C:\path\cacert.cer" "/data/local"

Start the CertInstaller

adb shell am start -n com.android.certinstaller/.CertInstallerMain -a android.intent.action.VIEW -t application/x-x509-ca-cert -d file:///data/local/cacert.cer

Now finish installing with the prompt that will appear on your device.

Upvotes: 7

spartanz51

Reputation: 341

2022: httptoolkit has a good solution to inject a custom cert without rebooting into rooted devices/emulators

Details here: https://httptoolkit.tech/blog/intercepting-android-https/#injecting-ca-certificates-into-rooted-devices

    set -e # Fail on error

    # Create a separate temp directory, to hold the current certificates
    # Without this, when we add the mount we can't read the current certs anymore.
    mkdir -m 700 /data/local/tmp/htk-ca-copy

    # Copy out the existing certificates
    cp /system/etc/security/cacerts/* /data/local/tmp/htk-ca-copy/

    # Create the in-memory mount on top of the system certs folder
    mount -t tmpfs tmpfs /system/etc/security/cacerts

    # Copy the existing certs back into the tmpfs mount, so we keep trusting them
    mv /data/local/tmp/htk-ca-copy/* /system/etc/security/cacerts/

    # Copy our new cert in, so we trust that too
    mv ${certificatePath} /system/etc/security/cacerts/

    # Update the perms & selinux context labels, so everything is as readable as before
    chown root:root /system/etc/security/cacerts/*
    chmod 644 /system/etc/security/cacerts/*
    chcon u:object_r:system_file:s0 /system/etc/security/cacerts/*

    # Delete the temp cert directory & this script itself
    rm -r /data/local/tmp/htk-ca-copy
    rm ${injectionScriptPath}

    echo "System cert successfully injected"

Source

Upvotes: 8

Zombo

Reputation: 1

In my case, I first needed to start the emulator as writable:

adb start-server
emulator -writable-system -avd Pixel_2_API_24

Then you can install certificate:

adb root
adb remount
adb push c8750f0d.0 /system/etc/security/cacerts

https://docs.mitmproxy.org/stable/howto-install-system-trusted-ca-android

Upvotes: 0

Brian Mirletz

Reputation: 231

Thanks to this answer (Install User Certificate Via ADB), I was able to adapt a script that works on a bash shell:

PEM_FILE_NAME=logger-charles-cert.pem
# Old-style (MD5-based) subject hash; the first output line is the hash
hash=$(openssl x509 -inform PEM -subject_hash_old -in "$PEM_FILE_NAME" | head -n 1)
OUT_FILE_NAME="$hash.0"

cp "$PEM_FILE_NAME" "$OUT_FILE_NAME"
openssl x509 -inform PEM -text -in "$PEM_FILE_NAME" -out /dev/null >> "$OUT_FILE_NAME"

echo "Saved to $OUT_FILE_NAME"
# Remount /system read-write, push the cert, remount read-only, reboot
adb shell mount -o rw,remount,rw /system
adb push "$OUT_FILE_NAME" /system/etc/security/cacerts/
adb shell mount -o ro,remount,ro /system
adb reboot

(Yes, I know this should probably be a comment, but I don't have enough reputation to post it as a comment yet)

Upvotes: 23

EmpireJones

Reputation: 3086

I was able to get a server cert to show up under the Trusted Credential -> User tab (rather than the system tab, which other answers show) with the following steps:

#!/bin/bash
# The old-style subject hash gives the file name; convert the PEM cert to DER under that name
subjectHash=$(openssl x509 -inform PEM -subject_hash_old -in server.crt | head -n 1)
openssl x509 -in server.crt -inform PEM -outform DER -out "$subjectHash.0"
adb root
adb push "./$subjectHash.0" "/data/misc/user/0/cacerts-added/$subjectHash.0"
adb shell "su 0 chmod 644 /data/misc/user/0/cacerts-added/$subjectHash.0"
adb reboot

Upvotes: 12
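
Several answers above name the pushed file `<hash>.0`, taking the hash from `openssl x509 -subject_hash_old`. The following is an added example (not part of any answer, and going beyond what the answers show): it computes that value in pure Python, as the MD5 of the DER-encoded subject Name with the first four bytes read little-endian, so files pulled from a device's `cacerts` or `cacerts-added` directory can be checked against their names. `SAMPLE` is a constructed DER skeleton rather than a real certificate, and all function names are this example's own.

```python
import base64, hashlib, re
def to_der(data: bytes) -> bytes:
    """Accept PEM or DER input (the answers above push both encodings)."""
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", data, re.S)
    return base64.b64decode(m.group(1)) if m else data

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value_start, end) of the DER element that starts at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def subject_name_der(cert: bytes) -> bytes:
    """Walk Certificate -> tbsCertificate and return the raw subject Name."""
    _, pos, _ = read_tlv(cert, 0)      # enter Certificate SEQUENCE
    _, pos, _ = read_tlv(cert, pos)    # enter tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert, pos)
    if tag == 0xA0:                    # optional [0] version field
        pos = end
    for _ in range(4):                 # serialNumber, signature, issuer, validity
        _, _, pos = read_tlv(cert, pos)
    return cert[pos:read_tlv(cert, pos)[2]]

def subject_hash_old(data: bytes) -> str:
    """MD5 of the DER subject Name; first 4 bytes, little-endian, as 8 hex digits."""
    digest = hashlib.md5(subject_name_der(to_der(data))).digest()
    return "%08x" % int.from_bytes(digest[:4], "little")

def name_matches(filename: str, data: bytes) -> bool:
    """True if filename is '<subject_hash_old>.<n>' for this certificate."""
    return re.fullmatch(subject_hash_old(data) + r"\.\d+", filename) is not None

# Constructed sample: a DER skeleton in tbsCertificate field order, not a real signed cert.
def der(tag: int, body: bytes) -> bytes:
    return bytes([tag, len(body)]) + body  # short-form length only (< 128 bytes)
def name(cn: bytes) -> bytes:
    return der(0x30, der(0x31, der(0x30, der(0x06, b"\x55\x04\x03") + der(0x0C, cn))))

SUBJECT = name(b"Constructed Test CA")
TBS = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + der(0x30, b"")
          + name(b"Issuer") + der(0x30, b"") + SUBJECT + der(0x30, b""))
SAMPLE = der(0x30, TBS + der(0x30, b"") + der(0x03, b"\x00"))
```

To audit a file pulled from a device, read it as bytes and call `name_matches(os.path.basename(path), data)`; a mismatch means the file name was not derived from that certificate's subject.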
