Another simple post this time. I updated my phone again with LineageOS (I was waiting to see if any release other than nightly would become available, but the BlueBorne exploit convinced me to move now) and, again, I spent some time trying to install a custom certificate on the phone. The procedure is explained in this article in detail and it works like a charm for me.
To install your CA certificate you need to obtain a hash of the certificate, because Android expects the file to be named after this hash (this point was crucial and I had no idea about it before). So first you obtain your PEM and get the hash with the following command:
openssl x509 -inform PEM -subject_hash_old -in calocal.crt | head -1
xxxxxxxx
Once you have the certificate and the hash, you just need to install it as /system/etc/security/cacerts/xxxxxxxx.0 with the same permissions as the other CAs. Remember that the /system file system is read-only by default and you need su to do the complete process. So you have to go to Settings → Developer Options → Root Access and select an option that includes ADB.
$ adb shell
daemon not running. starting it now on port 5037
daemon started successfully
$ su
# mount -o remount,rw /system
# cp /sdcard/Downloads/calocal.crt /system/etc/security/cacerts/xxxxxxxx.0
# chmod 644 /system/etc/security/cacerts/xxxxxxxx.0
# mount -o remount,ro /system
Then reboot your phone. Your local CA should now be listed in Settings → Security → Trusted Credentials, in the System tab.
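As an added example (not part of the original post), the naming and permission steps can be prepared on a workstation before the file is copied to the phone. The function names, the staging directory and the throwaway certificate are assumptions made for this sketch; the printed name is what replaces xxxxxxxx.0 in the commands above.

```sh
#!/bin/sh
# Added example: stage a CA certificate under the file name Android expects.

# Copy PEM certificate $1 into directory $2 as <subject_hash_old>.<n>, mode 644,
# and print the file name that was used.
stage_android_ca() {
    pem=$1 outdir=$2
    # Require a PEM file that openssl can parse as an X.509 certificate.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" 2>/dev/null &&
        openssl x509 -inform PEM -noout -in "$pem" 2>/dev/null || {
        echo "not a PEM certificate: $pem" >&2; return 1; }
    # -noout prints only the hash, so the "| head -1" from the post is not needed.
    subj_hash=$(openssl x509 -inform PEM -subject_hash_old -noout -in "$pem") || return 1
    # The hash must be exactly eight lowercase hex digits.
    case $subj_hash in
        *[!0-9a-f]*) echo "unexpected hash: $subj_hash" >&2; return 1 ;;
    esac
    [ "${#subj_hash}" -eq 8 ] || { echo "unexpected hash: $subj_hash" >&2; return 1; }
    # Reuse an identical file; move on to .1, .2, ... when a different
    # certificate already occupies the same hash.
    n=0
    while [ -e "$outdir/$subj_hash.$n" ] && ! cmp -s "$pem" "$outdir/$subj_hash.$n"; do
        n=$((n + 1))
    done
    cp "$pem" "$outdir/$subj_hash.$n" && chmod 644 "$outdir/$subj_hash.$n" || return 1
    echo "$subj_hash.$n"
}

# Constructed sample input: a throwaway self-signed certificate written to $1
# (its private key goes to $1.key). Not a certificate from the post.
make_constructed_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Local CA" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}
```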
After following the procedure, all my synchronizations started to work again against my personal Nextcloud and Runalyze servers. It's incredible that such an old phone is still maintained by Lineage and now running Android 7.1.2 with the September security patches from Google. I have to say that my requirements for the phone are very slight.
Good job, Lineage team!