Android Certificate Installer

N/A? It is very applicable!

Configuring a wireless network on Android. There are no default certificates, and no easy way to add them.

Feel free to go straight to the tool.

Recently I switched to Verizon and was immediately drawn to the Motorolla Droid.  It is my first smartphone and I must say, it is magnificent! Besides a few hardware concerns (flat keyboard being the major complaint), it is the best phone I’ve ever owned.

One of the reasons I got a Droid, rather than only using my Zune HD, is because it can connect to WPA-Enterprise networks using PEAP authentication.  I spend most of my time on my college campus (Purdue University), and we have to login to the wireless network using WPA-Enterprise with PEAP, so the Zune HD was not able to use the wireless network.

However, the Android platform can (at least on the Droid, which runs Android 2.0.1) connect using WPA with PEAP.  The only problem with them is that there is no easy way to install the CA certificates necessary to connect to the network.  To do this, you have to navigate to an x509 certificate with the correct HTTP headers in the browser.  It only requires a few lines of PHP code and the CA certificate, but not many people have easy access to a PHP server or the technical knowledge to use it.

Thus, RealmB’s Android Certificate Installer was created.  It allows you to upload a CA certificate from your computer, or from a URL, and have the browser receive the correct headers that launch the Android’s internal CA certificate installation process.

The tool is located at http://www.realmb.com/droidCert/.

Any comments, questions, or thanks can be left as comments here.

Note: I am especially interested to see if this works on non-Droid Android phone, so if it works, could you post a comment saying what type of phone you have and/or what version of Android you are running? (Android 1.5, 1.6, 2.0, or 2.1)  Thanks a lot!

Update: I found the site where I found this little header trick: Android Security Discussions – Google Groups. Thanks to user “lynx.” The post is two thirds of the way down the page.

Update 2: Some commentators have said that this does not work on Android 1.5, sorry about that.  It has been confirmed to work on Android 1.6 and above.

60 Responses to Android Certificate Installer

  1. Pingback: Google Navigation for Android 2.0 on Motorola Droid | AboutAndroid.info

  2. Tiago Barreiro

    I have an htc tattoo (android 1.6) and it worked like a charm for wpa2 peap. Great tool!

  3. I cannot set the 802.1x Enterprise security on tattoo. How did you set the certificate on tattoo

  4. Where do you find the certificate on your computer?

  5. Installed the certs successfully from what I could tell, but my Droid still complains about the certificate when I try to browse to OWA over https (SBS2003) and Exchange setup still fails. Any tips on getting the Exchange setup to work with SBS’s self-signed certificate?

  6. Great tool!!! It worked great for my Nexus One (Android 2.1 Update 1)

  7. It does not seem to work on my Hero with Android 1.5. It says that there is no program installed to open the file… Hopefully the update to 2.1 comes out quickly!

  8. tried to use it with samsung spica running android 1.5 and it failed. ” Cannot download. The content is nors supported on the phone”

  9. I installed on nexus one –gets installed but comes under client cert and not in CA cert.
    I need it for CA cert???wat to do??

  10. Worked great on my Nexus One with latest updates as of 3/3/2010.

    Thanks a lot!!!

  11. Someone with htc tattoo can please tell me your ROM version?? thanks a lot!!!

  12. I just wanted to say Thanks a lot, it worked like a charm. HTC Nexus One as of April 11, 2010. Mine installed in CA certs just fine.

    Again, Thanks!!

  13. I have the same problem as someone above. It installs as client cert, not as CA cert. Tried with my own xampp server too, same effect. Any ides?

    (Nexus One, 2.1-update1)

  14. I think I know where the problem is. I’m trying to install GTE CyberTrust Root CA.

    If you issue the

    $ openssl x509 -text -in goodca.crt

    command, then you get an output like this (among other things):
    X509v3 Basic Constraints:
    CA:TRUE

    which is not present in my GTE Cybertrust cert. I think this is why it’s getting recognised as a client cert. And I don’t know how can I add this extension to it…

    Any Ideas?

  15. Pingback: WiFi - Secured "Open" Network, unable to login. - Droid Forum - Verizon Droid & the Motorola Droid Forum

  16. Great tool!!! It worked great for my Nexus One (Android 2.1 Update 1)

  17. Pingback: Hows the battery? - Android Forums

  18. Pingback: Logging into Work Wifi - Android Forums

  19. Can anyone help me like how to do this I got to UOIT.

  20. Thanks for a great tool!!! you should promite this on the android forums out there I have been racking my brain over this forever…..It worked on my shiny new evo 6.9.2010 unbeleivable…..

  21. thank you, master,
    and i had repost to my blog :)

  22. THANK YOU THANK YOU THANK YOU!!! You sire are a true lifesaver!

  23. Thanks, this works flawlessly (converted a .pem file) on my Nexus One with Froyo 2.2 as of July 5th, 2010!

  24. I have used this to install the cert to my droid, but it will not open the cert untill I provide a password. My IT guy swears there is no password to this cert. Has anyone experienced this? Any work arounds?

    thanks, Ken

  25. Dude just wanted to give a big thx. Your simple solution worked like charm.

  26. How do I get the certificate from the wireless I’m trying to connect to?

  27. Has any one tried your Droid Cert installer with a non-stock build like Cyanogen?

  28. Pingback: instalacja certyfikatów głównych - Forum Android.com.pl

  29. This was just awesome, I just got connected. :) thanks a lot

  30. Worked perfectly on my stock Samsung Vibrant, connecting to my school’s PEAP network.

  31. Is it possible to change local? cer or crt to p12.
    Please tell me how to do it. only want to PEAP authentication validate.

  32. Isn’t this kinda dangerous — possibly giving to the creator of this app, an organization’s certificate? Where does this certificate go when it is uploaded?

  33. HEY VERY GOOD GUIDE, MY PROBLEM IS WHERE I FIND THE CERTIFICATE INSTALLED ? WHAT FOLDER? TKS

  34. Great, worked a charm – Thanks. Next thing I have been struggling loads with is to install my user cert, any ideas?

  35. Hi all,

    I think i have a problem creating the certificate, I uploaded one but didn’t work,.Any one can help m eto create the correct certificate please?
    My contact detials:
    osama_zabin@yahoo.com
    osama.zabinz@googlemail.com

    Thanks in advance

  36. Hey;

    Great tool; I love it !

    Just one thing, maybe you could use the QR Code API from google to show a QR Code… so there would not be a URL to type in on the smartphone ;)

    = http://chart.apis.google.com/chart?chs=150×150&cht=qr&chld=L|1&choe=UTF-8&chl=Your_URL

    Hope this helps…

    Pierrick

  37. I’m confused to how to get this working properly. I’ve entered the CN URL into the “URL” box and I get an error message stating that “Error: downloaded file is under 100 bytes, something went wrong!” “Warning: file_get_contents(wireless.netaccess.umn.edu) [function.file-get-contents]: failed to open stream: No such file or directory in /home/realmbco/public_html/droidCert/index.php on line 114″

    Here are the settings from my school.

    //

    General Wireless Configuration

    To connect to the “UofM Secure” SSID, you will need a device that supports 802.1X authentication and WPA2 Enterprise.

    OIT supports following EAP methods:

    * EAP-PEAP with MSCHAPv2 (preferred)
    * EAP-TTLS

    Encryption:

    AES
    Key Management:

    CCMP
    Certificate Details:

    Our X.509 certificate used for 802.1X authentication has a common name (CN) of “wireless.netaccess.umn.edu.”

    The signing certificate authority (CA) is “Thawte Premium Server CA” and “AddTrust External CA Root”

    //

    Any ideas? Thanks!

  38. Thanks a bunch! :)

  39. steve aldous

    I heard all Android devices have a problem connecting to Purdue wifi. Is this true, and will your fix take care of the problem? Have HTC Inspire w/Android 2.2. thanks.

  40. Fabulous, worked great. I needed to download an Eduroam CA certificate to be able to use WiFi at school. Your work is appreciated.

  41. Hi,

    I give your installer a try, because I want to set up my RADIUS PEAP connection on my android. So i uploaded it (onetime as base64 onetime as DER encoded) and installed them to my phone.

    Problem is, that I can not select the cert in the wifi dialog (its not listed there)

    Andy Idea?

    I use a SGS with 2.2.1

  42. I fourgot to say, that it is a self-signed cert

  43. ok, now I know why: The self-signed cert is not made as an CA Cert. Thats why it is not listed there.. I think you should explain in your post, that only a cert which is created as an CA Cert can be listed in this field. A self-signed cert is mostly spoken a “end” cert!

  44. Works like expected! Thanks for all the effort you’ve put into this!!

  45. Just used site to upload a self-signed Cert to a Droid X and an IPhone. Both worked great. Thanks very much.

  46. Optimus One

    Quick and effective. LG Optimus One (P500). Thank you!

  47. Thanks a lot! It worked just fine! I have to say though that when I tried to open the link with the Opera Mobile browser it didn’t install the certificate. When using Dolphin or the built-in browser instead it worked like a charm!

  48. Thx for this smart tool installer. This little thing is very helpfull. I’ve got a Samsung Spice GT-i5700 (Android 2.1-update1, kernel 2.6.29) and CA Cert wasn’t to be visible on microSD card… Now I can easy login to radius (TLS authentication).

  49. Just wanted to say the tool is awesome :D!! Finally an easy and quick way to get the certificate I need, cheers!!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>