There is a lot of questions on various forums on how to install a CA certificate on Android device. Some suggest using RealmB web site. While I trust that RealmB authors have had the best intent to help others, I think publishing a security certificate you use to connect to your corporate network on the web is as wise as giving keys to your house to absolute strangers and I personally would not use the tool.
Android 2.2 I have installed on my Motorola Atrix has both Certificate Installer and Certificate Manager.
To find them go Settings-> Location & security, scroll down ->Credential storage-> Install from internal phone storage. You will see a dialog offering you to complete the action using either Certificate Installer or Certificate Manager.
But both are rather enigmatic tools without any documentation and it took me some time to find how one actually can use Certificate Installer (this one is a part of Android; I guess Certificate Manager is Motorola’s product). This is the beauty of Open Source Software (at least for developers) – one can read a code and figure out how “the damn thing works”
First of all by default Certificate Installer looks for certificates to install at folder called download in SD card. It considers as certificates files with extensions either .crt or .p12. The latter stands for certificates in PKCS #12 format and the former stands for certificates in Base64 Encoded X.509 format. You should be aware that there are other certificate formats as well, e.g. PKCS #7, but it seems that Certificate Installer can’t handle them. If you are interested to find more about certificate file formats, read this.
[Added on April 20, 2012. Vlad (another Vlad, not I) commented below: "...the certificate should be copied to an internal folder (not external). For some devices, the installer cannot find a certificate on the external SD card."]
So the first way to use Certificate Installer is obvious:
- Extract SD card from your phone, insert it into your computer
- Create download folder in its root folder and put there the certificate file or files you want to install; of course make sure that they are in acceptable format and have proper file extensions
- Insert SD card in your phone and run Certificate Installer as described above
Well, obvious but not co convenient… First of all extracting and inserting SD card is not so simple on certain devices. Also there are devices without SD card. So what to do if you don’t want or can not use this way? Then you can use the second method:
- Connect your device to your computer via USB cable. Make whatever you usually do so that the device appears as an external drive in the computer filesystem. If you never connected your Android device to your computer as USB drive and you use Windows computer, the most likely you will need to install a proper USB driver on your computer. Such USB drivers for Android devices are manufacturer-specific and can be found on manufacturers web sites (see the list here). For Ubuntu Linux you will need to add some configuration parameters; no USB driver installation is required. See details here.
- Copy your certificate file(s) to the device internal storage. Again, make sure that the files have proper format and proper file extensions
- Open Files application and select (touch) the certificate file. A dialog will appear with details on the certificate and two buttons: Install certificate and Cancel. Click Install certificate. That’s all