How to add root SSL certificate to Android subsystem

Recently I had to install self-signed certificate for Android apps, and the guides I’ve found were either not working or involved rebuilding aliendalvik image.

But after some trial and error I’ve found another way by adding mount entry to LXC config.

For some reason adding single file fails, so you have to replace whole directory.

First, copy your existing certificates to dir with write access, let’s say /home/defaultuser/cacerts

mkdir /home/defaultuser/cacerts
lxc-attach -n aliendalvik /system/bin/sh
cp /system/etc/security/cacerts/* /home/defaultuser/cacerts

Then copy your certificate (that must have name according to http://wiki.cacert.org/FAQ/ImportRootCert#Android_Phones_.26_Tablets) to dir with existing certificates.

Create file /var/lib/lxc/aliendalvik/extra_config and add following line to it:

lxc.mount.entry = /home/defaultuser/cacerts/ system/etc/security/cacerts/ none bind,optional,create=dir 0 0

Reboot Android support, and your certificate should be among root certificates.
You will have to repeat step 1 if certificates in Android image were updated to get latest versions.

5 Likes