A.Rahimi

Reputation: 19

How to import a self-signed certificate.ca with private keys into an Android phone?

After creating a self-signed CA file and private keys, I was wondering how to add this CA and key file to an Android phone. So far, I have not found a way to import them on the phone.

Please help me!

Upvotes: 0

Views: 3859

Answers (2)

cam zilla

Reputation: 1

You need to use a special certificate from a certification authority (AC). This certificate can sign another. Otherwise Android refuses and asks for a key (on Android version 14).

First, generate the AC certificate request + private key in one command:

openssl req -new -sha256 -nodes -newkey rsa:4096 -keyout CA.key -out CA.csr

Create AC certificate:

openssl x509 -req -sha256 -extfile x509.ext -extensions ca -in CA.csr -signkey CA.key -days 1095 -out CA.pem

Observe that you first need to create the extension file x509.ext containing some parameters [ca] for your AC certificate:

[ ca ]
# X509 extensions for a ca
keyUsage                = critical, cRLSign, keyCertSign
basicConstraints        = CA:TRUE, pathlen:0
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid:always,issuer:always

[ server ]
# X509 extensions for a server
keyUsage                = critical,digitalSignature,keyEncipherment
extendedKeyUsage        = serverAuth,clientAuth
basicConstraints        = critical,CA:FALSE
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid,issuer:always

And now, server side, you need to create a new certificate with your AC certificate:

Request:

openssl req -new -sha256 -nodes -newkey rsa:4096 -keyout www.example.com.key -out www.example.com.csr

Certificate generation, using the [server] options in your x509.ext file:

openssl x509 -req -sha256 -CA CA.pem -CAkey CA.key -days 730 -CAcreateserial -CAserial CA.srl -extfile x509.ext -extensions server -in www.example.com.csr -out www.example.com.pem

Upvotes: -1

ali sarkhosh

Reputation: 193

  • Put the CA.der.crt onto the sdcard of your Android device (usually the internal one). It should be in the root directory.
  • Go to Settings / Security / Credential storage and select “Install from device storage”.
  • The .crt file will be detected and you will be prompted to enter a certificate name.
  • After importing the certificate, you will find it in Settings / Security / Credential storage / Trusted credentials / User.

Upvotes: 3
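The two answers meet at one step: the CA.pem from the first answer has to become the CA.der.crt that the second answer copies to the device. The script below is an added example, not code from either answer, that checks the certificate is marked as a signing CA before exporting it and confirms the server certificate chains to it. The function names are hypothetical; the file names follow the answers.

```shell
#!/bin/sh
# Added example: pre-flight checks before copying a CA certificate to an
# Android device. Function names are hypothetical; CA.pem, CA.der.crt and
# www.example.com.pem are the file names used in the answers above.

# Succeeds only if the PEM certificate carries basicConstraints CA:TRUE and
# the keyCertSign key usage, i.e. the [ ca ] extensions were really applied.
# Returns 2 if the file cannot be parsed, 1 if it is not a signing CA.
is_ca_cert() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 2
    printf '%s\n' "$text" | grep -q 'CA:TRUE' || return 1
    printf '%s\n' "$text" | grep -q 'Certificate Sign' || return 1
}

# Converts the PEM CA certificate to a DER-encoded .crt file, refusing
# anything that is_ca_cert rejects so a leaf certificate (or a CA built
# without the extension file) never reaches the phone.
export_for_android() {
    is_ca_cert "$1" || {
        echo "refusing: $1 is not a CA certificate" >&2
        return 1
    }
    openssl x509 -in "$1" -outform DER -out "$2"
}

# Confirms the server certificate was issued by the CA being installed;
# a mismatch here is what later shows up as a trust error on the device.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Usage: sh script.sh CA.pem CA.der.crt [www.example.com.pem]
if [ "$#" -ge 2 ]; then
    export_for_android "$1" "$2" || exit 1
    if [ -n "$3" ]; then
        chains_to_ca "$1" "$3" || { echo "$3 does not chain to $1" >&2; exit 1; }
    fi
fi
```

Only the certificate is exported; CA.key stays on the machine that signs server certificates and is not copied to the phone.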
