[Q] KitKat Keystore/Keychain? - Android Q&A, Help & Troubleshooting

I've installed the OpenVPN client on my Moto G, and imported the pkcs#12 file into the Keychain, as recommended in the doc.. Where did the file actually go - I expected it to appear in Settings -> Security -> Trusted Credentials, but it isn't there?
In Trusted Credentials under the User tab there's an entry 'Myhome changeme'. It appears to require me to do something - to change it in some way. Do I actually need to do something?
Is there an 'Idiot's Guide' to Trusted Credentials and the Keystore/Keychain for Android, that someone can point me to, please?
Jim

Related

Install a web certificate (*.cer) on an Android device

Hi,
To gain access to WIFI at university I have to login with my user/pass credentials.
The certificate of their website (the local home page that asks for the credentials) is not recognized as a trusted certificate, so we install it separately on our computers.
I want to know how to install such certificates on Android, I have HTC magic and I came through this question which seems the same problem but the solution is specific to exchange server and not the browser http://forum.xda-developers.com/showthread.php?t=551512
This is the details of installing the certificate from the university's page [LINK]
if you are rooted, download wifi helper (its free) from market and it should help you configure your wifi with custom cert files.
Hey,
I stumbled onto this topic as I had the problem (but on the Droid, Android v2.0). I then figured out how to do it and made a tool to make it easier. I call it RealmB's Android Certificate Installer. It basically gives your Android's web browser the correct HTTP headers to make it launch the CA certificate installation wizard.
Hope this helps,
Brian
I used Android's built-in certificate manager.
1. Just drop your certificate file onto the sdcard/download folder.
Note: Keep in mind the manager looks for .p12 and/or .crt files. I had a .cer file, but it was PEM formatted so I simply changed the extension.
2. Go to settings-> Security & Privacy -> Install from SD Card
Note: I use the MIUI rom, so millage may vary a bit on other roms
Done! Enter your credentials password, or create a new one if you didn't have one already, and you're all set!
Thanks MrNago
renaming .cer to .crt really makes me being able to install it. Life can be so easy ... (MIUI 2.3)
I was looking for a way to do this exact thing, and found a (potentially) easier way to install the certificate. If you have access to a web site, you can just put the .crt file on it, go to the site, click the file and voila... It installs on the device.
Worked like a charm since I do not have an SD card with me, but I needed to install the certificate.
Thanks for the comments above. I had a .cer file, and renaming it worked like a champ as well.
Bryan
gces said:
I was looking for a way to do this exact thing, and found a (potentially) easier way to install the certificate. If you have access to a web site, you can just put the .crt file on it, go to the site, click the file and voila... It installs on the device. ...
Click to expand...
Click to collapse
Thanks, this works.
To install a browser certificate into a pre-ICS ROM, use Portecle to add it to /system/etc/security/cacerts.bks.
Notes:
- obviously, ROOT is required to do this
- the keystore p/w is changeit
- In ICS a certificate can be simply added via Settings
The problem is only old stock browser sees installed certificate. This browser doesn't exist on Jelly Bean for Nexus 7. Google Chrome is default browser here.
Anyone knows a solution to this?
Thanks
Denis
!crazy said:
The problem is only old stock browser sees installed certificate. This browser doesn't exist on Jelly Bean for Nexus 7. Google Chrome is default browser here.
Anyone knows a solution to this?
Thanks
Denis
Click to expand...
Click to collapse
The solution could be to wait until the bug in Chrome is fixed.
web security
Web certificate and web site security have much need for everyone. IF any one have want web project and security you should hire developers.

[Q] Corporate email security policy bypass for Samsung Galaxy S 2 ?

Hi ,
I looked around the Q&A threads and other threads for this.
But could not find a relevant answer/application for me, so posting it.
Is there a way to bypass the security policy enforced by exchange server of the corporate email account on samsung galaxy s 2 device?
If yes, please point me to the answer (thread) or send me the .apk or help in any way you can to find a working solution to this.
I have samsung galaxy s 2 (rooted) 2.3.3 (India)
Thanks,
Aseem Chiplonkar
what do you mean by bypass security ?
if your corporate exchange support webmail, than you can use email apps without need to bypass.
firstly you enter your email and password , but dont click next .. you click manual setup & choose Exchange
insert your domain : e.g : tm.my
exchange server (normally start with webmail.xx.com without "/exchange" at the back) : e.g --> : webmail.tm.com.my
choose ssl or not
and then you can connect to your exchange
I think my wording was not clear.
The exchange email policy is enforced on the device, where I have to keep a screen lock, either pattern or PIN , for my device.
This can not be changed as it is controlled by remote exchange server admin.
yes you need to be rooted then you can install this email.apk and it will remove the security
http://forum.xda-developers.com/showthread.php?t=775007
To make sure it works you need to do this in this oder:
1. delete your exchange account,
2. goto settings and remove the pin or password lock.
3. install the email.apk using astro file manager
4. setup your exchange account again.
5. goto settings>locations & security> deactivate device administrators > select the email icon and deactivate
follow those steps you should be good to go.. also if you have any troubles read through that thread, there are other options to get around it as well .

[Q] Unsafe certificate protection in Android?

Hi
I've followed the instructions from Nexus offical guide and installed my personal certificate stored in a pfx file (PKCS#12) in my Google Nexus (ICS 4.0.4). At this point I faced a little problem: the new certificate is not listed in "User" tab in "Credentials". It works anyway because I can use it in web pages.
But the big problem IMHO, is the way Android protects your certificates. It only requests the user to set a pattern, PIN, or password to unlock the screen. I'm missing a password-protected access to my credentials like IE does in Windows, for instance every time your certificate is requested by a web site.
Is there a method to enhance security of your certificates in ICS and set a password for accessing certificates storage?
Thank you

[Q] How to install custom trusted certificate?

I serve a few webpages from my home. I use an OpenSSL certificate. On my previous phone I was able to install the cert onto my phone so that I don't get the "untrusted connection" in my browser.
For some reason on the G3 my .cert file shows up grayed out when I select it. Does G3 support only certain formats? I currently do have a key guard enabled.
edit: I guess I need to create a *.crt certificate in x509 format, then it lets me pick it, but it does not appear in my user certificates folder after I add it...
NegativeOne said:
I serve a few webpages from my home. I use an OpenSSL certificate. On my previous phone I was able to install the cert onto my phone so that I don't get the "untrusted connection" in my browser.
For some reason on the G3 my .cert file shows up grayed out when I select it. Does G3 support only certain formats? I currently do have a key guard enabled.
Click to expand...
Click to collapse
I always put my certificates into system/etc/security/carets folder with r-w-r-r premisson and it works without a keyguard.....or change the file extension to .cer and it'll install but u'll need a pin/password

Enable system certificate on Android

Dear all,
I'm searching for some help regarding system certificates on Android.
First of all, a little bit of context : I'm in charge of the migration of mobile devices from one Airwatch server to another. All devices are managed by MDM (Airwatch MDM Agent) that allows deployment of configuration profiles and apps. One of those profiles is called "CertAuth" and pushes some certificates that are needed to access internal ressources.
A few months ago, we have discoverd that one of the system certificates (Thawte Primary Root G3) was missing on some devices, mainly old versions of Android.
So we decided to push this certificate through the "CertAuth" profile.
Now the problem whith that method is that once the devices are unenrolled from the first server, profile "CertAuth", all corporate content and apps are removed (normal behavior). As Thawte Primary Root G3 certificate is part of the system certificates, it cannot be removed. So it is simply disabled.
This certificate is needed to access the target server, so once devices try to enroll, they receive some error message "cannot connect to host". Connection is simply refused due to the disabled Thawte G3.
Of course it can be manually enabled, but as you all may know, basic users are not always able to find the correct option in the device settings...
So (finally) my question is : is there any way to remotely enable this system certificate (little swich OFF/ON) in order to void manual action on more than 5000 devices?
By using a script or something that would be deployed on devices as third-party content/not removable content?

Categories

Resources