wv6fpq
Last Updated: January 22, 2019
·
108.6K
· sdepablos

Add self signed SSL certificate to Android (for browsing)

Some people are developers. Some of them have secure sites. What's more incredible, some want to test their websites on mobile phones with a environment as similar as possible to the production one, so they want to use a self-signed SSL certificate. Then, why it's so difficult to do it?

After much trial and error, here's a bulletproof guide to do in on Linux:

  • Open Firefox (I suppose it's also possible with Chrome, but it's easier for me with FF)
  • Visit your development site with a self-signed SSL certificate.
  • Click on the certificate (next to the site name)
  • Click on "More information"
  • Click on "View certificate"
  • Click on "Details"
  • Click on "Export..."
  • Choose "X.509 Certificate whith chain (PEM)", select the folder and name to save it and click "Save"
  • Go to command line, to the directory where you downloaded the pem file and execute "openssl x509 -inform PEM -outform DM -in <certificatename>.pem -out <certificatename>.crt"
  • Copy the .crt file to the root of the /sdcard folder inside your Android device
  • Inside your Android device, Settings > Security > Install from storage. It should detect the certificate and let you add it to the device
  • Browse to your development site. The first time it should ask you to confirm the security exception. That's all. The certificate should work with any browser installed on your Android (Browser, Chrome, Opera, Dolphin...)

Remember that if you're serving your static files from a different domain (we all are page speed bitches) you also need to add the certificate for that domain.

9 Responses
Add your response

9516

This was extremely helpful to me. In Chromium, you can export the key by clicking on the lock, then Certificate Information. Under Details, click Export. Export the key as "Base64-encoded ASCII, certificate chain". All of the following steps are the same.

Thanks so much for this!

over 1 year ago ·
9527

Which version of Android do you have? Since I upgraded to Andriod 4.3 this is not working for me anymore.

over 1 year ago ·
12054

I have two for the same domain just different ports. Didn't seem to be able to distinguish the difference.

over 1 year ago ·
16730

Worked nicely for me, thanks! It even let me import from Google Drive (Android 4.4.3, HTC One M8).

I exported the x.509 cert from Chrome, the only issue is that Chrome/Windows gave me the file extension .cer. My phone ignored the file until I renamed to .crt.

over 1 year ago ·
18018

I got this error when running the command.

openssl x509 -inform PEM -outform DM -in .pem -out .crt
Error opening Certificate .pem
140332300740256:error:02001002:system library:fopen:No such file or directory:bssfile.c:398:fopen('.pem','r')
140332300740256:error:20074002:BIO routines:FILE
CTRL:system lib:bss_file.c:400:
unable to load certificate

I noticed FF saved the file without any extention. I added .pem to the file, but the issue persists. Any ideas?
Cheers!

over 1 year ago ·
18046

-in filename.pem -out filename.crt (you have to pass a filename in both options)

over 1 year ago ·
22173

Any idea how to install certificate from root storage using android code

over 1 year ago ·
22664

You can save a certificate in Android using this app.

https://play.google.com/store/apps/details?id=com.cert.httpscertificate

over 1 year ago ·
30183

Wow very good question. It increased my knowledge

6 months ago ·