Add self signed SSL certificate to Android (for browsing)
Some people are developers. Some of them have secure sites. What's more incredible, some want to test their websites on mobile phones with a environment as similar as possible to the production one, so they want to use a self-signed SSL certificate. Then, why it's so difficult to do it?
After much trial and error, here's a bulletproof guide to do in on Linux:
- Open Firefox (I suppose it's also possible with Chrome, but it's easier for me with FF)
- Visit your development site with a self-signed SSL certificate.
- Click on the certificate (next to the site name)
- Click on "More information"
- Click on "View certificate"
- Click on "Details"
- Click on "Export..."
- Choose "X.509 Certificate whith chain (PEM)", select the folder and name to save it and click "Save"
- Go to command line, to the directory where you downloaded the pem file and execute "openssl x509 -inform PEM -outform DM -in <certificatename>.pem -out <certificatename>.crt"
- Copy the .crt file to the root of the /sdcard folder inside your Android device
- Inside your Android device, Settings > Security > Install from storage. It should detect the certificate and let you add it to the device
- Browse to your development site. The first time it should ask you to confirm the security exception. That's all. The certificate should work with any browser installed on your Android (Browser, Chrome, Opera, Dolphin...)
Remember that if you're serving your static files from a different domain (we all are page speed bitches) you also need to add the certificate for that domain.
Written by Sergi
Related protips
8 Responses
This was extremely helpful to me. In Chromium, you can export the key by clicking on the lock, then Certificate Information. Under Details, click Export. Export the key as "Base64-encoded ASCII, certificate chain". All of the following steps are the same.
Thanks so much for this!
Which version of Android do you have? Since I upgraded to Andriod 4.3 this is not working for me anymore.
I have two for the same domain just different ports. Didn't seem to be able to distinguish the difference.
I got this error when running the command.
openssl x509 -inform PEM -outform DM -in .pem -out .crt
Error opening Certificate .pem
140332300740256:error:02001002:system library:fopen:No such file or directory:bssfile.c:398:fopen('.pem','r')
140332300740256:error:20074002:BIO routines:FILECTRL:system lib:bss_file.c:400:
unable to load certificate
I noticed FF saved the file without any extention. I added .pem to the file, but the issue persists. Any ideas?
Cheers!
-in filename.pem -out filename.crt (you have to pass a filename in both options)
Any idea how to install certificate from root storage using android code
You can save a certificate in Android using this app.
https://play.google.com/store/apps/details?id=com.cert.httpscertificate
Wow very good question. It increased my knowledge