@abaykan
Created September 6, 2025 20:53
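  • Import the certificate in DER format as cacert.der
  • Convert it to PEM and rename it to its old-style subject hash:
```sh
# WSL/Linux
openssl x509 -inform DER -in cacert.der -out cacert.pem
openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1
# {output-command-2} is the hash printed by the previous command
mv cacert.pem {output-command-2}.0
```
  • On Android 12, /system/etc/security/cacerts is read-only. This script works around that: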
```sh
#!/system/bin/sh

# Create a separate temp directory, to hold the current certificates
mkdir -p -m 700 /data/local/tmp/htk-ca-copy
# Copy out the existing certificates
cp /system/etc/security/cacerts/* /data/local/tmp/htk-ca-copy/
# Create the in-memory mount on top of the system certs folder
mount -t tmpfs tmpfs /system/etc/security/cacerts
# Copy the existing certs back into the tmpfs mount, so we keep trusting them
mv /data/local/tmp/htk-ca-copy/* /system/etc/security/cacerts/
# Copy our new cert in, so we trust that too
cp "$1" /system/etc/security/cacerts/
# Update the perms & selinux context labels, so everything is as readable as before
chown root:root /system/etc/security/cacerts/*
chmod 644 /system/etc/security/cacerts/*
chcon u:object_r:system_file:s0 /system/etc/security/cacerts/*
# Delete the temp cert directory
rm -r /data/local/tmp/htk-ca-copy
echo "System cert successfully injected"
```
  • Run the script, passing the renamed certificate as its argument: sh cert.sh 9a5ba575.0
```
ASUS_I005DA:/storage/emulated/0/Download # sh cert.sh 9a5ba575.0
System cert successfully injected
```

This certificate will disappear if the emulator is restarted, because the tmpfs mount the script creates exists only in memory. Run the script again after each restart.
But if it works, don't touch it.
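
A check to run after the script, or after a restart, to confirm the injection is still in place. This is an added example, not part of the original gist; the function name `check_injected`, its arguments and its return codes are made up for this example, and it assumes the mount point is listed in /proc/mounts under the same path the script uses.

```sh
# Added example, not part of the gist. check_injected and its arguments are
# names made up for this example.
# Usage: check_injected CERT_NAME [CACERTS_DIR] [MOUNTS_FILE]
check_injected() {
    name=$1
    dir=${2:-/system/etc/security/cacerts}
    mounts=${3:-/proc/mounts}

    # The file must carry the name from the conversion step: 8 hex digits
    # (the subject_hash_old value), a dot, and a digit.
    case $name in
        [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]) ;;
        *) echo "bad file name: $name"; return 2 ;;
    esac

    # The tmpfs overlay lives in memory, so after a restart it is gone.
    on_tmpfs=no
    while read -r _dev mnt fstype _rest; do
        if [ "$mnt" = "$dir" ] && [ "$fstype" = tmpfs ]; then on_tmpfs=yes; fi
    done < "$mounts"
    [ "$on_tmpfs" = yes ] || { echo "no tmpfs on $dir, rerun the script"; return 3; }

    [ -f "$dir/$name" ] || { echo "missing: $dir/$name"; return 4; }

    # The script sets mode 644; anything else means chmod did not apply.
    case $(ls -l "$dir/$name") in
        -rw-r--r--*) ;;
        *) echo "unexpected mode on $dir/$name"; return 5 ;;
    esac

    # The original CAs must have been moved back into the tmpfs, otherwise
    # the device trusts nothing but the new certificate.
    set -- "$dir"/*
    [ "$#" -gt 1 ] || { echo "only $# file in $dir"; return 6; }

    echo "ok: $name installed among $# certificates"
}

# Run the check when the file is called with arguments, e.g.
#   sh check.sh 9a5ba575.0
if [ "$#" -gt 0 ]; then check_injected "$@"; fi
```

The optional second and third arguments exist so the check can be tried against a scratch directory and a constructed mounts file before running it on a device.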
