Wiki page ssl changed with summary [[Android] added android 14 "certificate in system"] by Dan
This commit is contained in:
parent
24a7e40a2f
commit
1a8272aa95
1 changed files with 40 additions and 2 deletions
|
@ -151,13 +151,14 @@ Check under:
|
||||||
|
|
||||||
=== System trusted credentials ===
|
=== System trusted credentials ===
|
||||||
|
|
||||||
If "User trusted credentials" is not enough and you need the certificate in the system, follow the next lines. However, this requires a rooted device:
|
If "User trusted credentials" is not enough and you'll need the certificate in system, follow the next lines. It needs a rooted device though:
|
||||||
|
|
||||||
<code>
|
<code>
|
||||||
hashed_name=`openssl x509 -inform PEM -subject_hash_old -in rootCA.pem | head -1` && cp rootCA.pem $hashed_name.0
|
hashed_name=`openssl x509 -inform PEM -subject_hash_old -in rootCA.pem | head -1` && cp rootCA.pem $hashed_name.0
|
||||||
ls $hashed_name.0
|
ls $hashed_name.0
|
||||||
</code>
|
</code>
|
||||||
|
|
||||||
|
**Android 13:**
|
||||||
<code>
|
<code>
|
||||||
adb root
|
adb root
|
||||||
adb shell mount -o rw,remount /
|
adb shell mount -o rw,remount /
|
||||||
|
@ -167,7 +168,44 @@ adb shell chown root:root /system/etc/security/cacerts/$hashed_name.0
|
||||||
adb shell reboot
|
adb shell reboot
|
||||||
</code>
|
</code>
|
||||||
|
|
||||||
You can also use the Magisk module [[https://github.com/NVISOsecurity/MagiskTrustUserCerts/releases|MagiskTrustUserCerts]] (Android 13) or [[https://github.com/nccgroup/ConscryptTrustUserCerts|ConscryptTrustUserCerts]] (Android 14) which does the same as above.
|
**Android 14 (this only works until a restart):**
|
||||||
|
<code>
|
||||||
|
adb root
|
||||||
|
adb shell mkdir -p -m 700 /data/local/tmp/cacerts
|
||||||
|
adb shell cp /apex/com.android.conscrypt/cacerts/* /data/local/tmp/cacerts/
|
||||||
|
adb shell mount -t tmpfs tmpfs /system/etc/security/cacerts
|
||||||
|
adb shell mv /data/local/tmp/cacerts/* /system/etc/security/cacerts/
|
||||||
|
adb push $hashed_name.0 /system/etc/security/cacerts/
|
||||||
|
adb shell chown root:root /system/etc/security/cacerts/*
|
||||||
|
adb shell chmod 644 /system/etc/security/cacerts/*
|
||||||
|
adb shell chcon u:object_r:system_file:s0 /system/etc/security/cacerts/*
|
||||||
|
adb shell
|
||||||
|
</code>
|
||||||
|
|
||||||
|
<code>
|
||||||
|
ZYGOTE_PID=$(pidof zygote || true)
|
||||||
|
ZYGOTE64_PID=$(pidof zygote64 || true)
|
||||||
|
|
||||||
|
for Z_PID in "$ZYGOTE_PID" "$ZYGOTE64_PID"; do
|
||||||
|
if [ -n "$Z_PID" ]; then
|
||||||
|
nsenter --mount=/proc/$Z_PID/ns/mnt -- \
|
||||||
|
/bin/mount --bind /system/etc/security/cacerts /apex/com.android.conscrypt/cacerts
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
APP_PIDS=$(
|
||||||
|
echo "$ZYGOTE_PID $ZYGOTE64_PID" | \
|
||||||
|
xargs -n1 ps -o 'PID' -P | \
|
||||||
|
grep -v PID
|
||||||
|
)
|
||||||
|
|
||||||
|
for PID in $APP_PIDS; do
|
||||||
|
nsenter --mount=/proc/$PID/ns/mnt -- \
|
||||||
|
/bin/mount --bind /system/etc/security/cacerts /apex/com.android.conscrypt/cacerts &
|
||||||
|
done
|
||||||
|
</code>
|
||||||
|
|
||||||
|
You can also use the Magisk module [[https://github.com/NVISOsecurity/MagiskTrustUserCerts/releases|MagiskTrustUserCerts]] (Android 13) or [[https://github.com/nccgroup/ConscryptTrustUserCerts|ConscryptTrustUserCerts]] (Android 14) which does basically the same as above.
|
||||||
|
|
||||||
|
|
||||||
=== Use third party CA certificates for firefox ===
|
=== Use third party CA certificates for firefox ===
|
||||||
|
|
Loading…
Reference in a new issue