From 1a8272aa9534fc2e6bd58b21b6a0da061dff94b5 Mon Sep 17 00:00:00 2001
From: ORG_User
Date: Sun, 26 May 2024 00:53:42 +0200
Subject: [PATCH] Wiki page ssl changed with summary [[Android] added android 14 "certificate in system"] by Dan
---
 pages/en/server/services/ssl.txt | 42 ++++++++++++++++++++++++++++++--
 1 file changed, 40 insertions(+), 2 deletions(-)
diff --git a/pages/en/server/services/ssl.txt b/pages/en/server/services/ssl.txt
index d39bd43..68e2efa 100644
--- a/pages/en/server/services/ssl.txt
+++ b/pages/en/server/services/ssl.txt
@@ -151,13 +151,14 @@ Check under:
 === System trusted credentials ===
-If "User trusted credentials" is not enough and you need the certificate in the system, follow the next lines. However, this requires a rooted device:
+If "User trusted credentials" is not enough and you'll need the certificate in system, follow the next lines. It needs a rooted device though:
 hashed_name=`openssl x509 -inform PEM -subject_hash_old -in rootCA.pem | head -1` && cp rootCA.pem $hashed_name.0
 ls $hashed_name.0
+**Android 13:**
 adb root
 adb shell mount -o rw,remount /
@@ -167,7 +168,44 @@ adb shell chown root:root /system/etc/security/cacerts/$hashed_name.0
 adb shell reboot
-You can also use the Magisk module [[https://github.com/NVISOsecurity/MagiskTrustUserCerts/releases|MagiskTrustUserCerts]] (Android 13) or [[https://github.com/nccgroup/ConscryptTrustUserCerts|ConscryptTrustUserCerts]] (Android 14) which does the same as above.
+**Android 14 (this only works until a restart):**
+
+adb root
+adb shell mkdir -p -m 700 /data/local/tmp/cacerts
+adb shell cp /apex/com.android.conscrypt/cacerts/* /data/local/tmp/cacerts/
+adb shell mount -t tmpfs tmpfs /system/etc/security/cacerts
+adb shell mv /data/local/tmp/cacerts/* /system/etc/security/cacerts/
+adb push $hashed_name.0 /system/etc/security/cacerts/
+adb shell chown root:root /system/etc/security/cacerts/*
+adb shell chmod 644 /system/etc/security/cacerts/*
+adb shell chcon u:object_r:system_file:s0 /system/etc/security/cacerts/*
+adb shell
+
+
+
+ZYGOTE_PID=$(pidof zygote || true)
+ZYGOTE64_PID=$(pidof zygote64 || true)
+
+for Z_PID in "$ZYGOTE_PID" "$ZYGOTE64_PID"; do
+ if [ -n "$Z_PID" ]; then
+ nsenter --mount=/proc/$Z_PID/ns/mnt -- \
+ /bin/mount --bind /system/etc/security/cacerts /apex/com.android.conscrypt/cacerts
+ fi
+done
+
+APP_PIDS=$(
+ echo "$ZYGOTE_PID $ZYGOTE64_PID" | \
+ xargs -n1 ps -o 'PID' -P | \
+ grep -v PID
+)
+
+for PID in $APP_PIDS; do
+ nsenter --mount=/proc/$PID/ns/mnt -- \
+ /bin/mount --bind /system/etc/security/cacerts /apex/com.android.conscrypt/cacerts &
+done
+
+
+You can also use the Magisk module [[https://github.com/NVISOsecurity/MagiskTrustUserCerts/releases|MagiskTrustUserCerts]] (Android 13) or [[https://github.com/nccgroup/ConscryptTrustUserCerts|ConscryptTrustUserCerts]] (Android 14) which does basically the same as above.
 === Use third party CA certificates for firefox ===