Android: Trusting CA Certificates

TL;DR

Your Android browser doesn’t recognise a new Certificate Authority (CA). This guide shows you how to manually install the CA certificate so your browser trusts websites signed by it. We’ll cover importing via settings, using a configuration profile, and checking if it worked.

Steps

1. Get the CA Certificate: You need the actual certificate file (.crt, .pem, or similar). This usually comes from whoever issued the certificate (your company IT department, your server provider, etc.). Make sure you have a trusted copy.
2. Copy to Your Android Device: There are several ways to do this:
   • USB Cable: Connect your phone to your computer and transfer the file like any other document.
   • Email: Email the certificate to yourself and open it on your Android device.
   • Cloud Storage: Use Google Drive, Dropbox, or similar services.
3. Install via Settings (Most Common): This is usually the easiest method.
   1. Go to Settings > Security (or Privacy, then Security – it varies by Android version and manufacturer).
   2. Look for Install from storage, Trusted credentials, or similar. You might need to tap ‘More’ or ‘Advanced’ options.
   3. Select the CA certificate file you copied over.
   4. Android will ask you to name the certificate (give it a descriptive name).
   5. Confirm the installation – you’ll likely get a warning about adding an untrusted certificate. Only proceed if you trust the source of the certificate!
4. Install via Configuration Profile (Less Common, often for work devices): Your IT department might provide a configuration profile (.zip or .xml file).
   1. Download the configuration profile to your device.
   2. Android will usually prompt you to install it automatically. If not, find the downloaded file in your Downloads folder and tap it.
   3. Follow the on-screen instructions. You’ll likely need to set a PIN or password for your device if you don’t have one already.
5. Check Installation: Verify that the certificate is installed and trusted.
   1. Go to Settings > Security > Trusted credentials (or similar – see step 3).
   2. Under ‘User’ or ‘System’, you should see the CA certificate you just installed. Tap on it to view details.
   3. Open your browser and visit a website that uses the certificate issued by this CA. If the connection is secure, you should see a padlock icon in the address bar.
6. Troubleshooting:
   • Certificate Format: Make sure the certificate file is in a supported format (.crt or .pem are common). If it’s not, you may need to convert it using an online converter.
   • Restart Your Browser: Sometimes, simply closing and reopening your browser will force it to reload the trusted certificates.
   • Clear Browser Cache: Clearing your browser’s cache can also help.
   • Check Date/Time: Incorrect date and time settings on your device can cause certificate validation errors. Make sure your date and time are set correctly (preferably automatically).
   • Android Version: The exact steps may vary slightly depending on your Android version. Consult your device’s documentation if you’re having trouble.