How do I add my own Certificate Authority to my Android device?

I want to access my https site running on my local machine from my Android device on the same network. Service workers and push notifications mean I need to use https.

I have created my own CA + key, created certificates for localhost and 192.168.178.23, and installed the CA on OSX. This all works as expected - everything is green if I point my browser on my local machine at localhost and 192.168.178.23:3000. I followed this guide.

Now I want to do the same for my Android device, so that I can access the local dev site over the network.

I put myCA.crt on my device and tap on it, but it says 'Private key required to install a certificate'. The same happens when I navigate through the settings to Install a certificate -> CA certificate.

I followed this post to convert it into a p12 file with both the key and the certificate combined. (I'm not sure why Android needs the key here). My command was openssl pkcs12 -export -in myCA.crt -inkey myCA.key -out test-combined.p12.

Now I move my p12 file to my device and tap it. It prompts for the password, and recognises that this has a key, but it won't let me put the certificate as a certificate authority - only as a "VPN and app user certificate" or a "Wifi certificate". When I attempt to install the certificate via the settings, it allows me to unlock the file using the password but then says "this file can't be used as a CA certificate".

myCA.key is

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,A868E9FC78768599

axC3F...........................................................
.............stuff..............................................
...........................................................QBkMn
-----END RSA PRIVATE KEY-----

myCA.crt is

-----BEGIN CERTIFICATE-----
MIIC9DCCAdwCCQDIK...............................................
......................... stuff ................................
................................................oLBZA==
-----END CERTIFICATE-----

I'm a newbie with this stuff. What am I missing? This is Android 11.

Ivonneivor answered 7/5, 2021 at 9:35 Comment(1)
In my case I could work around the issue using ngrok. This doesn't answer the question, but perhaps this gets you moving too if you happen to read this. Ivonneivor
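
An added example, not part of the question or the comment and not code from the guide the asker followed: the visible start of myCA.crt is enough to read its X.509 version, because a v3 certificate opens its tbsCertificate with a [0] version tag while a v1 certificate starts directly with the serial number, and only v3 can hold extensions such as basicConstraints CA:TRUE. Assumptions: that Android's installer needs that extension before it accepts a file as a CA certificate is not stated on the page, and the v3 sample bytes and all function names are constructed for illustration.

```python
import base64

# Start of myCA.crt exactly as shown in the question (the rest is elided there).
PAGE_PREFIX = "MIIC9DCCAdwCCQDIK"
# Constructed sample: first 15 bytes of a v3 certificate ([0] version tag present).
V3_SAMPLE = base64.b64encode(bytes.fromhex("3082030030820200a0030201020209")).decode()

def read_header(buf, pos):
    """Return (tag, length, value_offset) of the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("prefix too short to contain this element")
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                       # short-form length
        return tag, first, pos + 2
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or pos + 2 + n > len(buf):
        raise ValueError("indefinite or truncated length")
    return tag, int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n

def x509_version_from_prefix(b64_prefix):
    """Read the X.509 version (1, 2 or 3) from the leading base64 of a PEM body."""
    text = "".join(b64_prefix.split())
    der = base64.b64decode(text[:len(text) // 4 * 4])   # drop a partial quantum
    tag, _, pos = read_header(der, 0)      # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, _, pos = read_header(der, pos)    # tbsCertificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    tag, length, pos = read_header(der, pos)
    if tag == 0x02:                        # serialNumber first: version omitted
        return 1
    if tag == 0xA0 and length == 3 and pos + 3 <= len(der) and der[pos] == 0x02:
        return der[pos + 2] + 1            # INTEGER 0/1/2 means v1/v2/v3
    raise ValueError("unexpected first field in tbsCertificate")

def can_carry_extensions(version):
    """Only v3 certificates have an extensions field (RFC 5280)."""
    return version == 3

if __name__ == "__main__":
    for name, prefix in (("myCA.crt", PAGE_PREFIX), ("constructed v3", V3_SAMPLE)):
        v = x509_version_from_prefix(prefix)
        print(f"{name}: X.509 v{v}, extensions possible: {can_carry_extensions(v)}")
```

With OpenSSL at hand, `openssl x509 -in myCA.crt -noout -text` prints the same version field along with any extensions.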
