I have a Samsung Galaxy S phone with Android 2.3.3 (Gingerbread). This device came out in March 2010 which is ancient in terms of mobile devices, but I am still rather fond of this phone. I began having trouble with certain websites when they changed their certifying authority early in 2013.
This included problems with well known sites such as facebook and redbox. Many sites would get the security warning 'This certificate is not from a trusted authority'. Also I had some problems with apps using SSL.
The Details
When looking in logcat I see something like:
javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
Looking at the example website using my computer's browser on https://www.redbox.com, I noticed the certificate was recently renewed Feb 28, 2013 which is about when I started having problems (the CN listed was from: "Cybertrust Public SureServer SV CA"). Cybertrust now has another CN in Baltimore that is authorizing the new certificate for redbox.com.
You'll need to have root access to your device to do any of these commands. Also note that Android 4.0 has a different mechanism for working with certificates. Getting root access of your device is beyond the scope of this tutorial.
Using adb I was able to pull the keystore and examine it to check for the certificates I was looking for.
adb pull /system/etc/security/cacerts.bks cacerts.bks
You can examine the keystore on your computer using the Portecle software. Portecle is available from http://portecle.sourceforge.net/
Select File / Open Keystore... and choose the cacerts.bks file.
Select Tools / Keystore Report and copy that information into a text editor so you can review it.
The Fix
To fix my problem and update my android 2.3.3 phone certificates I copied the one from the android 3.2 emulator and put that on my phone. Android 4.0 devices do not use the same cacerts.bks file so they could not be used to copy from.
- Download the updated cacerts.bks file here.
- Connect your device to be updated (must be root). You may need to remount the /system folder as rw for read/write capabilities if you have failures on the push procedure.
- Save a copy of the old cert file from your device:
adb pull /system/etc/security/cacerts.bks cacerts.bks.old - Put the updated cert file on your device
adb push cacerts.bks /system/etc/security/ - Reboot the device
Related Work:
Hope you found this guide useful, please drop a note, somewhat funny internet cat picture, or +1 if it helped.You may also want to check out my WorxForUs Android Database and Networking framework that assists database access and network access and addresses several common pitfalls.
nice post....sharing information related to programming android
ReplyDeleteI found one successful example of this truth through this blog. I am going to use such information now. Driving License Uk
ReplyDeletewonderful article....
ReplyDeleteDeep learning Training in coimbatore
Best deep learning training in coimbatore
Deep learning course in coimbatore
Machine learning course in coimbatore
Best machine learning training in coimbatore
Deep learning projects in coimbatore
Deep learning with python training course in coimbatore
Deep lerning vs machine learning training in coimbatore
Deep learning in coimbatore
Deep learning institute in coimbatore
Deep learning training course in coimbatore
Deep learning course centre in coimbatore
Best Deep learning training institute in coimbatore
Deep learning course online in coimbatore
Best Deep learning classes in coimbatore
Deep learning training institute in saravanampatti
Best Data science/Artificial intelligence/Machine learning/Deep learning training center in coimbatore