Installing a CA Certificate on Android

There are a lot of reasons why you need to know how to install a CA certificate on Android device. Often it is suggested that you use theRealmB web site. While I trust that RealmB authors have had the best intent to help others, I think publishing a security certificate you use to connect to your corporate network on the web is as wise as giving keys to your house to absolute strangers and I personally would not use the tool. In this article I will show you how to install a CA certification on your device quickly and easily.

As of Android 2.2 you should have both Certificate Installer and Certificate Manager installed. To find them go Settings-> Location & security, scroll down ->Credential storage-> Install from internal phone storage. You will see a dialog offering you to complete the action using either Certificate Installer or Certificate Manager. Both are rather enigmatic tools without any documentation and it took me some time to find how one actually can use Certificate Installer (this one is a part of Android; This is the beauty of Open Source Software (at least for developers) – one can read a code and figure out how it all works.

First of all by default Certificate Installer looks for certificates to install at folder called download in SD card. It considers as certificates files with extensions either .crt or .p12. The latter stands for certificates in PKCS #12 format and the former stands for certificates in Base64 Encoded X.509 format. You should be aware that there are other certificate formats as well, e.g. PKCS #7, but it seems that Certificate Installer can’t handle them.

Using the Certificate Installer

So the first way to use Certificate Installer is obvious:

• Extract SD card from your phone, insert it into your computer
• Create download folder in its root folder and put there the certificate file or files you want to install; of course make sure that they are in acceptable format and have proper file extensions
• Insert SD card in your phone and run Certificate Installer as described above

Well, obvious but not co convenient… First of all extracting and inserting SD card is not so simple on certain devices. Also there are devices without SD card. So what to do if you don’t want or cannot use this way? Then you can use the second method:

• Connect your device to your computer via USB cable. Make whatever you usually do so that the device appears as an external drive in the computer file system. If you never connected your Android device to your computer as USB drive and you use Windows computer, the most likely you will need to install a proper USB driver on your computer. Such USB drivers for Android devices are manufacturer-specific and can be found on manufacturers web sites. For Ubuntu Linux you will need to add some configuration parameters; no USB driver installation is required.
• Copy your certificate file(s) to the device internal storage. Again, make sure that the files have proper format and proper file extensions
• Open Files application and select (touch) the certificate file. A dialog will appear with details on the certificate and two buttons: Install certificate and Cancel.
• Click Install certificate. That’s it!

At first this process may not seem as straight-forward but I think you will agree that this is a simple process to follow in order to install the Certificate Authority on your Android device. Now you can install your own certificates to access your resources such as Wi-Fi without having to use a third-party or compromise the security of your device.