如何在Android设备上安装受信任的CA证书?

我已经创建了自己的CA证书,现在我想安装在我的Android Froyo设备(HTC Desire Z),以便设备信任我的证书。

Android将CA证书存储在/system/etc/security/cacerts.bks中的Java密钥库中。我将文件复制到我的计算机,使用portecle 1.5添加了我的证书,并将其推回到设备。

现在,Android似乎没有自动重新加载文件。我已经阅读了几个博客文章,我需要重新启动设备。这样做会导致文件被原来的文件覆盖。

我的下一个尝试是从SD卡安装证书,通过复制它,并使用从设置菜单中的相应选项。设备告诉我证书已经安装,但显然它不信任证书。此外,当我尝试将密钥库复制到我的电脑,我仍然找到原来的股票cacerts.bks。

那么,什么是正确的方式安装我自己的根CA证书在Android 2.2设备上作为受信任的证书?有没有办法以编程方式?

从Android 4.0起,这是现在可能。我可以轻松地在我的未root设备上安装Charles Web Debbuging Proxy证书,并成功侦听SSL流量。

摘自http://wiki.cacert.org/FAQ/ImportRootCert

Before Android version 4.0, with Android version Gingerbread & Froyo, there was a single read-only file ( /system/etc/security/cacerts.bks ) containing the trust store with all the CA (‘system’) certificates trusted by default on Android. Both system apps and all applications developed with the Android SDK use this. Use these instructions on installing CAcert certificates on Android Gingerbread, Froyo, …

Starting from Android 4.0 (Android ICS/’Ice Cream Sandwich’, Android 4.3 ‘Jelly Bean’ & Android 4.4 ‘KitKat’), system trusted certificates are on the (read-only) system partition in the folder ‘/system/etc/security/’ as individual files. However, users can now easily add their own ‘user’ certificates which will be stored in ‘/data/misc/keychain/certs-added’.

System-installed certificates can be managed on the Android device in the Settings -> Security -> Certificates -> ‘System’-section, whereas the user trusted certificates are manged in the ‘User’-section there. When using user trusted certificates, Android will force the user of the Android device to implement additional safety measures: the use of a PIN-code, a pattern-lock or a password to unlock the device are mandatory when user-supplied certificates are used.

Installing CAcert certificates as ‘user trusted’-certificates is very easy. Installing new certificates as ‘system trusted’-certificates requires more work (and requires root access), but it has the advantage of avoiding the Android lockscreen requirement.

http://stackoverflow.com/questions/4461360/how-to-install-trusted-ca-certificate-on-android-device

本站文章除注明转载外,均为本站原创或编译
转载请明显位置注明出处:如何在Android设备上安装受信任的CA证书?