I run my own private SSL infrastructure (root CA, intermediate CAs and server/client certificates). This requires installing the CA certificates on computers and mobile devices I use, including various Android devices.
For applications which use the default Android certificate store, this is the familiar ‘Settings’ -> ‘Security’ -> ‘Install from device memory/SD card’ dance (see for instance this link). However, my favorite browser is Firefox, and that has its own certificate store… According to this article it’s just a matter of putting it on a webserver, and opening the URL in Android. Too bad this didn’t work for me… right away.
The secret to this turns out to be setting the MIME type returned by the webserver to application/x-x509-ca-cert (for certificate authorities) or application/x-x509-user-cert (for client certificates). To do this, check out your webserver manual (e.g. the mod_mime manual page for Apache). Alternative if you have Python installed, you could use the following script as a mini-webserver to serve .crt files with the correct MIME type:
import SimpleHTTPServer
import SocketServer
PORT = 8000
Handler = SimpleHTTPServer.SimpleHTTPRequestHandler
Handler.extensions_map = {'.crt': 'application/x-x509-ca-cert', '.txt': 'text/plain'}
httpd = SocketServer.TCPServer(("", PORT), Handler)
print "serving at port", PORT
httpd.serve_forever()
MterSch's Blog 
Thanks, I would never have worked this out myself.
NodeJS also works well for this purpose, e.g. https://pastebin.com/Dcu4eApW
LikeLike
or just browse to file:///sdcard and click the certificate file
LikeLike
I couldn’t get this to work (at least not in an emulator with 4.4 (KitKat) and Firefox 58.0.2). No message whatsoever, and when trying to access a site with a certificate signed by this CA certificate I still get the SEC_ERROR_UNKNOWN_ISSUER.
LikeLike
Thanks a lot! Changing the mime type did the trick.
For my specific situation, because it was a windows webserver using IIS, I had to add a line to the web.config file to change the mime type.
LikeLike