lupohan44/TrustUserCertificates

User Certificate Deletion, also Deletes System Certificate

redsky1991 opened this issue · 1 comments

redsky1991 commented

Thanks, very well done. It works for me after I did the following (running Android 14 Galaxy S23)

  1. created directory /data/adb/trustusercerts/no_user_cert
  2. created directory /data/adb/trustusercerts/certificates
  3. Placed my certificate in the directory /data/adb/trustusercerts/certificates
  4. At the this point my certificate has not yet been added even after manual reboot
  5. Installed the user certificate via the installer within the android settings
  6. Restarted, the certificated shows in system but also in user
  7. Removing the user certificate via andorid settings also removes the system certificate at the same time.

Is there a way to keep only the system certificate while deleting the user certificate? Keeping both is interfering what I'm trying to achieve.

Thanks

lupohan44 commented

Thanks, very well done. It works for me after I did the following (running Android 14 Galaxy S23)

  1. created directory /data/adb/trustusercerts/no_user_cert
  2. created directory /data/adb/trustusercerts/certificates
  3. Placed my certificate in the directory /data/adb/trustusercerts/certificates
  4. At the this point my certificate has not yet been added even after manual reboot
  5. Installed the user certificate via the installer within the android settings
  6. Restarted, the certificated shows in system but also in user
  7. Removing the user certificate via andorid settings also removes the system certificate at the same time.

Is there a way to keep only the system certificate while deleting the user certificate? Keeping both is interfering what I'm trying to achieve.

Thanks

  1. created directory /data/adb/trustusercerts/no_user_cert

This should be a file, not a directory

  1. Placed my certificate in the directory /data/adb/trustusercerts/certificates

You need to place the certificates following Android's naming rule: https://medium.com/hackers-secrets/adding-a-certificate-to-android-system-trust-store-ae8ca3519a85

openssl x509 -inform PEM -subject_hash_old -in <exported_cert_file>| head -1
mv <exported_cert_file> <old_hash>.0

As I mentioned in #1