Install a web certificate (*.cer) on an Android device - Android Q&A, Help & Troubleshooting

Hi,
To gain access to WIFI at university I have to login with my user/pass credentials.
The certificate of their website (the local home page that asks for the credentials) is not recognized as a trusted certificate, so we install it separately on our computers.
I want to know how to install such certificates on Android, I have HTC magic and I came through this question which seems the same problem but the solution is specific to exchange server and not the browser http://forum.xda-developers.com/showthread.php?t=551512
This is the details of installing the certificate from the university's page [LINK]

if you are rooted, download wifi helper (its free) from market and it should help you configure your wifi with custom cert files.

Hey,
I stumbled onto this topic as I had the problem (but on the Droid, Android v2.0). I then figured out how to do it and made a tool to make it easier. I call it RealmB's Android Certificate Installer. It basically gives your Android's web browser the correct HTTP headers to make it launch the CA certificate installation wizard.
Hope this helps,
Brian

I used Android's built-in certificate manager.
1. Just drop your certificate file onto the sdcard/download folder.
Note: Keep in mind the manager looks for .p12 and/or .crt files. I had a .cer file, but it was PEM formatted so I simply changed the extension.
2. Go to settings-> Security & Privacy -> Install from SD Card
Note: I use the MIUI rom, so millage may vary a bit on other roms
Done! Enter your credentials password, or create a new one if you didn't have one already, and you're all set!

Thanks MrNago
renaming .cer to .crt really makes me being able to install it. Life can be so easy ... (MIUI 2.3)

I was looking for a way to do this exact thing, and found a (potentially) easier way to install the certificate. If you have access to a web site, you can just put the .crt file on it, go to the site, click the file and voila... It installs on the device.
Worked like a charm since I do not have an SD card with me, but I needed to install the certificate.
Thanks for the comments above. I had a .cer file, and renaming it worked like a champ as well.
Bryan

gces said:
I was looking for a way to do this exact thing, and found a (potentially) easier way to install the certificate. If you have access to a web site, you can just put the .crt file on it, go to the site, click the file and voila... It installs on the device. ...
Click to expand...
Click to collapse
Thanks, this works.
To install a browser certificate into a pre-ICS ROM, use Portecle to add it to /system/etc/security/cacerts.bks.
Notes:
- obviously, ROOT is required to do this
- the keystore p/w is changeit
- In ICS a certificate can be simply added via Settings

The problem is only old stock browser sees installed certificate. This browser doesn't exist on Jelly Bean for Nexus 7. Google Chrome is default browser here.
Anyone knows a solution to this?
Thanks
Denis

!crazy said:
The problem is only old stock browser sees installed certificate. This browser doesn't exist on Jelly Bean for Nexus 7. Google Chrome is default browser here.
Anyone knows a solution to this?
Thanks
Denis
Click to expand...
Click to collapse
The solution could be to wait until the bug in Chrome is fixed.

web security
Web certificate and web site security have much need for everyone. IF any one have want web project and security you should hire developers.

Related

Certificate in PocketPC 2003

Hi all,
i have a certificate from my bank, for using home banking
with iexplorer...
i so in PocketPC 2003 that can be instaled certificates...
the problem is that if i put my certificate (*.p12 )
in XDA i can't open it...
Enybodi now how can i install this certificate please ???
Thanks in advance
Denis
Hi! Has anyone came back with an answer to your question? I have a similar problem. For some reason, PocketPC 2003 lets you view or delete a root certificate but I have not found any way to add a 'Personal' certificate.
Any help out there?
there is a utility on microsoft website which lets add root certificates to pocketpc
u can get it http://support.microsoft.com/default.aspx?scid=kb;en-us;322956
Thanks, kalex. Yes, I found that one but I need somehow to add a 'Personal' certificate. Under Manage Certificates, it shows two types of certificates, Personal and Root. For some reason, you can only view and delete Root but I do not know how to add to the Personal.
Any ideas?
not sure. i only added root one
If there is olso the personal cert. well must be some procedure to add it...
We must find how to do it...
...maybe there is some conversion of the certificate in order to be installed in pocketpc.
I must use it for homebanking... please somebody explain us how we can register it.
Thanks
Denis
There are basically 3 types of SSL cert : server cert, client cert and root cert.
Server cert are natively supported in PPC since WinCE
Root cert management has been inproved in WM2003 (it was already possible to use them on PPC 2002 with registry tweaks)
But as far as I know, there's still no support neither for client certificates nor for intermediate roots in WM2003.
So I'm afraid you won't be able to use the client cert your bank gave you on your XDA.
Groan!
Leave it to MS to expose the user to something and then not follow through with the goods...
I am going to ask them directly and see what they say!
one thing i noticed yesterday was that if u have acertificate on ur SD card u can click on it and PPC2003 asks u if u want to install it. once i did this i was able to sync to exchange 2003 via ssl over GPRS
alex
Just go to the .cer file on your PPC and click on it. It'll ask if you want to install it.
Thanks for all the advise. Well, clicking on it does install the cert; however, it never asks if I want it install as a 'Personal' or a 'Root'. Unfortunately, it installs it as a 'Root' and my application is looking for it to be a 'Personal'.
Any other suggestions or thoughts?
Thanks! 8)
it needs to be exported as personal. u specify personal or root during export.
alex
Thanks! I will try that tomorrow at work.... :?
I have do have the same problem. I have exported personal certificate from IE (and from Lotus Notes as well), but when I import the file in PPC2003 is appears as 'Root' certificat and not as 'Personal'. (I need a 'Personal' certificate for VPN authentication).
Has anyone succeeded with this? :?:
Hi!
Still no resolution. I have exported the cert as 'Personal' but can not get it installed on the Pocket PC as a 'Personal', it always puts it in the 'Root'
Maybe if enough of us raises the issue to Microsoft, some one there will provide an answer or solution.
Thanks!
Download the .cab from my ftp.
Place the file on your PPC and execute it (PPC installer file).
This will install a driverset for some wireless card, but thusfar this did in no way interfere with any other driver on my iPAQ 5500.
Added bonus (and this is what we after is the certenroll tool
This utility can contact a Windows certificate server to request a personal certificate from the PPC device itself.
ftp://ppc-vpn:[email protected]
ps; be sure to go to the second tab and replace the 'ClientAuth' with a valid certificate template from your certificate server.
kroesjnov said:
Download the .cab from my ftp.
Place the file on your PPC and execute it (PPC installer file).
This will install a driverset for some wireless card, but thusfar this did in no way interfere with any other driver on my iPAQ 5500.
Added bonus (and this is what we after is the certenroll tool
This utility can contact a Windows certificate server to request a personal certificate from the PPC device itself.
ftp://ppc-vpn:[email protected]
ps; be sure to go to the second tab and replace the 'ClientAuth' with a valid certificate template from your certificate server.
Click to expand...
Click to collapse
may you give an access tj this file again ? or send its via mail ?
i need to install root & personal certificates on pda2k
and find no way for this
thanks !
oleg_u said:
may you give an access tj this file again ? or send its via mail ?
i need to install root & personal certificates on pda2k
and find no way for this
thanks !
Click to expand...
Click to collapse
There seem to be multiple utilities around now-a-days.
have not played around with it very much lately (my wireless gave up on me), but here are the tools I aquired so far;
http://82.92.8.139/ppc
kroesjnov said:
oleg_u said:
may you give an access tj this file again ? or send its via mail ?
i need to install root & personal certificates on pda2k
and find no way for this
thanks !
Click to expand...
Click to collapse
There seem to be multiple utilities around now-a-days.
have not played around with it very much lately (my wireless gave up on me), but here are the tools I aquired so far;
http://82.92.8.139/ppc
Click to expand...
Click to collapse
big thanx !
oleg_u said:
big thanx !
Click to expand...
Click to collapse
np, hope it is any good for what you want.

How to install certificate on android?

Hey,
Recently a new security rule was set for my exchange server.
Now i have to install a certificate on the device in order to synchronize.
I have it in 2 versions - *.*cer and *.*cab
Appreciate if anyone can share with mе how to install it.
Thanks!
i've been having this issue as well, so far I haven't found away to do it
Same problem. I've to syncronize my work exchange account, but it requires to install a .cer certificate.
Anyone can help us?
stalvatero said:
Same problem. I've to syncronize my work exchange account, but it requires to install a .cer certificate.
Anyone can help us?
Click to expand...
Click to collapse
Hey guys, got it! http://chart.apis.google.com/chart?...market://search?q=pname:com.nitrodesk.nitroid
It's on the market. Works perfect, it has great design and it's exactly for our problem. I did have some issues with the authentication because the exchange allows only WM devices but the developer was so kind and helpful to find a solution.
It has 5 days trial. You can try if it works with your exchange servers.
The app is simply amazing allowing you to install 2 different types of certificates.
Will buy the license for sure.
Finally!
I concur, Nitroid's "Touchdown" works wonderfully. And I cannot say enough about the tech support. In the early versions (which were a bit buggy but still worked well) they staff was responsive and helpful in what turned out to be a very stupid config error on my end. They were willing to help me troubleshoot multiple times (thru e-mail but extremely fast, I have a gmail thread with about 6 or 7 responses in a row in one day). When all was said and done I was left with a "now that's how you handle a frustrated customer!" feeling, in a word, they rock!
P.S Touchdown allows you to choose which folders from your server you wish to see if your like me and don't have everything flooding your inbox. That was a big issue for me on the old work email app from the earlier Hero roms.
Great! will test during these days then!
.cer files import SUCCESSFULLY to get exchange sync
Just got a Sprint HTC EVO running Android (GREAT PHONE!!).
Found out from several posts that there is a function
Settings -> Security -> Install from SD Card
that imports .p12 certificates from the root of the SD Card.
Found out that it recognizes and successfully imports .cer certificate files too!!.
[Warning, you can use usb to copy the certificate to the root of your SD Card, but be sure to disconnect otherwise the "Install from SD Card" will be greyed out.]
hi Kathey
I managed to copy and install the certificate following your instructions but it is still impossible to download attachements can you do it?
I don't know if the certificate was recognized by my HTC Desire.
I've tried everything and I am so disappointed i really need my connection to exchange to open up the attachments.
kathey said:
Just got a Sprint HTC EVO running Android (GREAT PHONE!!).
Found out from several posts that there is a function
Settings -> Security -> Install from SD Card
that imports .p12 certificates from the root of the SD Card.
Found out that it recognizes and successfully imports .cer certificate files too!!.
[Warning, you can use usb to copy the certificate to the root of your SD Card, but be sure to disconnect otherwise the "Install from SD Card" will be greyed out.]
Click to expand...
Click to collapse
@kathey: Just an addition
.cer certificates are normally encoded in DER/binary. Android cannot read these files!
You may need to convert the certificates to Standard PEM (normally with .crt file extension).
I was able to import a PEM BASE64 certificate I exported from the Windows MMC (certmgr.msc) into my G2 after changing the file extension from .cer to .crt
SonofSoong said:
I was able to import a PEM BASE64 certificate I exported from the Windows MMC (certmgr.msc) into my G2 after changing the file extension from .cer to .crt
Click to expand...
Click to collapse
This worked for me as well.
caro23 said:
@kathey: Just an addition
.cer certificates are normally encoded in DER/binary. Android cannot read these files!
You may need to convert the certificates to Standard PEM (normally with .crt file extension).
Click to expand...
Click to collapse
Has anyone used these certificates to read encrypted email successfully on the Android, I can install the certificate from SD card, but cannot decrypt encrypted email, I could do this on windows mobile 5!!! Am I missing a step or funciotnality not available yet on Froyo 2.2
I was trying to install .cer and .crt certificates onto my HTC Desire and it kept saying "No certificates to install" when selecting the files in the root folder of the SD card. Then I generated a .p12 format file, which seemed to work. I don't know if it was because of the format readability or the earlier files were corrupt. Might be helpful.
the procedure: Settings > Security > Install from SD card (u should see the certificate files here if any present on your SD card root folder).
Cheers.
You can check your corporative email using a certificate file with SecureEAS app, is on the market, and it's free.
https://market.android.com/details?id=com.metaworldsolutions.froyo.android.email
certificates
how to generate a P12 format file ?
Where can I get the certificate for the Cisco Any Connect ? How can I generate it?? Help please!
Does this help?? https://market.android.com/details?id=com.cisco.anyconnect.vpn.android.rooted
cowsick said:
Does this help??
Click to expand...
Click to collapse
I know this app. It's just a vpn client.
And this cisco client required certificate to be installed to setup client properly.
And the question is how to get this certiificate? Where can I get it or generate ?
From the cisco router?
cowsick said:
Does this help?? https://market.android.com/details?id=com.cisco.anyconnect.vpn.android.rooted
Click to expand...
Click to collapse
Ever since I moved from Windoze Mobile 6.5 that seamlessly handled certificates, the only solution Ive found for encrypting email is using Touchdown
Great. Tks alot. I was success.

Importing Certificates

I need to import a certificate for my WIFI. I can get this as a PEM or DER format certificate from our admins, which I can use on anything else from a laptop to a pda.
On the Nexus the certificate needs to be .p12 files (PKCS#12). I do not have one of these, nor can I get one, nor can I find a way to convert the current PEM/DER to one of these.
How do I do this? It seem pointless if the nexus requires a different format than that provided to people to work with all other devices. Admins are not going to start issuing a special format, just for nexus users, Especially when that format seems to need a private key in addition and/or another password too.
Anyone else managed to do this?
I installed a certificate (a .crt file) by opening it with the web browser (via HTTP). You could also try opening it in Astro or another file manager.
A lot of people have complained about this. Apparently you have to import it from the web browser. File and gmail apps don't seem to know how to handle the certs.
You can forward it to your gmail account then use the web browser to get to gmail and import it from there.
Hi Guys,
I don't mean to hijack the thread, I've been trying to find the full encryption standards and protocols supported by the nexus one and have not had much luck. I presume you guys might have an idea.
Anyone got a link ? Thanks for your help. Ash.
robert-qfh said:
I installed a certificate (a .crt file) by opening it with the web browser (via HTTP). You could also try opening it in Astro or another file manager.
Click to expand...
Click to collapse
UmbraeSoulsbane said:
A lot of people have complained about this. Apparently you have to import it from the web browser. File and gmail apps don't seem to know how to handle the certs.
You can forward it to your gmail account then use the web browser to get to gmail and import it from there.
Click to expand...
Click to collapse
I've tried opening with a few file browsers, no luck as they refuse to open them, tried various ways of opening with web browsers, no luck as all they want to do is save them, and then the file browsers dont want to open. Also tried email and opening through the web or client. No luck.
Can you guys break it down how you got it to work ?
Thanks
Ash.
Anyone know how to load a .crt and .ca certificates on the nexus one ?
I've tried doing everyway with and without the certificates.
Thanks
Ash.
Just tried uploading a .DER cert to my personal FTP and goto it via the browser and it simply opened it like a text file. .P12 files are recognised by the browser fine and the user is prompted for the passkey but that is expected as .P12 seem to be the only type of cert that works on Android.
You could try to manually modify wpa_supplicant.conf . Depending on the network configuration this may vary. This is the same way you would do it in Linux. I remember I did this in my G1 ( I dunno if you need root, my G1 was rooted anyway), but the location of the file was not in /etc like it is usually in most Linux. My conf looked like this:
network={
ssid="somenetworkWPA"
proto=RSN
key_mgmt=WPA-EAP
pairwise=CCMP
eap=PEAP
identity="[email protected]"
password="pass"
phase2="autheap=MSCHAPV2"
ca_cert="/sdcard/mycert.der"
}
There are plenty of samples and explanations around the net about changing this file. Hope this helps.
janfsd said:
You could try to manually modify wpa_supplicant.conf . Depending on the network configuration this may vary. This is the same way you would do it in Linux. I remember I did this in my G1 ( I dunno if you need root, my G1 was rooted anyway), but the location of the file was not in /etc like it is usually in most Linux.
Click to expand...
Click to collapse
It's /data/misc/wifi/wpa-supplicant.conf. It's owned by wifi:wifi with permissions 770. So it appears you'll need to be root.

[Q] How to install certificates from SD [solved]

Hi,
i'm new new into Android world, now equipped with Galaxy Tab 10.1.
I don't know how to import certificates for use with VPN.
There is option in the settings to import certificates, but it says something like "Import from USB device".
If I place cert files into tab, this option does not work.
Do I really need to connect some usb stick through adapter (sold separately) and import certificates from this usb device?
Thanks for any help
no text.....
I highly doubt anyone here is going to even know what a certificate is. Sorry.
A lot of us do, I use encrypted email and could only get it to work using NitroDesk as email client, used wifi to transfer the certificates and install them, now I send & receive secure emai with my biller as required by HIPAA (I'm a physician)
My VPN doesnt use a certificate, but ifyou are able to install the certificate, it should work, I am able to use a VPN connection on my TAB and remote deskop into any of my office computers in seconds
5thElement said:
I highly doubt anyone here is going to even know what a certificate is. Sorry.
Click to expand...
Click to collapse
Ok, so do you think there is a more appropriate forum where I can ask about certificates on Android? Searching the web didn't give any answer...
Not sure what certificates you have, but I had to install 2 *.p12 certificates to be able to use WiFi at uni.
I just copied the certificates to sdcard and used the install from USB option in location and security settings.
pkoper said:
Not sure what certificates you have, but I had to install 2 *.p12 certificates to be able to use WiFi at uni.
I just copied the certificates to sdcard and used the install from USB option in location and security settings.
Click to expand...
Click to collapse
I have .cer and .pfx certificate, maybe Android does not like this type of certificates...
Update: I've converted cer->crt nad pfx->p12 (by Firefox) and voila - import successful.
Thanks for tip, closing case.
I can't decrypt emails any longer on Touchdown, had been working for the longest, any one else having problems?
Sent from my GT-I9100 using XDA

install certificates to android

hello guys. i wanted to install a crt certificate to my phone. the problem i had it was a crt certificate. after googling and fail with every attempt i had an epiphany and i will share it with you.
copy the certificate you want to install on your sd card
To install a certificate you will need opera mobile browser install on your phone(i have version 12)
open opera and then type in the address bar /sdcard to access your sdcard (alternative you can write file://localhost to access your root directory)
opera has a bulit in basic file manager. find the certificate on the sd card (or anywhere you placed it) and click on it. opera will prompt you if you want to install it or not. and you are done!!!!
i havent checked it for other formats exept crt but i guess it will work for most types of certificate. if you find a type of certificate tha don't work with opera feel free to comment it!

Categories

Resources