Customer meets credential problem in their application sometimes. In order to install credential, we need to install the certificate files in our media player.
Method 1: CAcert user trusted certificates (with lockscreen)
Download the certificate files onto the internal flash storage (the '/sdcard' or any subfolder).
You can find the install options in below path.
Basic setting page->Click Time zone->Security->Credential storage->Install from SD
If it is the first user certificate you install, the Android Security Model forces you to use a lock-screen to unlock your device. Check if certificate files are installed correctly, you can see the certificates under Security -> Certificates -> 'User'-section.
Method 2: CAcert user trusted certificates (without lockscreen)
The article shows how to create a compatible certificate then push these files to player via ADB
Obtain Credential
Obtain original CAcert file from customer. There are two certificate file formats. One is PEM, another one is DER. IAdea media player only support PEM format. If the source CAcert file is DER format. You have to convert the format into PEM format. You could reference below article to convert certificate file.
How to distinguish certificate file format.
According to PEM&DER definition below. You could distinguish the format of certificate by open the file by using text tool such as Note++
Encodings (also used as extensions)
- .DER = The DER extension is used for binary DER encoded certificates. These files may also bear the CER or the CRT extension. Proper English usage would be “I have a DER encoded certificate” not “I have a DER certificate”.
- .PEM = The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) armored data prefixed with a “—– BEGIN …” line.
.DER format uses binary to encode certificate file therefore, opening the DER certificate file by text tool, you will see garbled words.
A .pem format certificate will most likely be ASCII-readable. It will have a line -----BEGIN CERTIFICATE-----, followed by base64-encoded data, followed by a line -----END CERTIFICATE-----.
Creating
We will create Android compatible certificate files from the original CAcert certificate files. Let's use the Amazon certificate file as the sample for the tutorial. Once you obtain the Amazon certificate file (Amazon.crt). Double click the certificate file, the information of the certificate file shows on screen.
Executing below command in a Linux OS to hash the file.
openssl x509 -inform PEM -subject_hash_old -in root.crt | head -1
This shows you the hash, in the case of the CAcert PEM file 'Amazon.crt' it is '02db8165' (note the use of '-subject_hash_old' instead of '-subject_hash', to get an openssl 0.9 compatible hash) We will use this hash value, append '.0' (dot zero) and use this as the filename for the resulting Android certificate:
cat Amazon.crt > 02db8165.0
After executed above command. You will get a '02db8165.0' file. We will use this hash value, append '.0' (dot zero) and use this as the filename for the resulting Android certificate:
Edit the file by text tool such as Note++, you will find the file be encrypted without further information.
openssl x509 -inform PEM -text -in Amazon.crt -out /dev/null >> 02db8165.0
Executing above command, the hashed file will be updated and there are more information about the certificate file. You will see the difference by editing the '02db8165.0'.
Importing
Enable the ADB of IAdea media player then Making the player's /system folder writable
mount -o remount,rw /system
Pushing those certificate files to below folder in our player via ADB
adb push 02db8165.0 /system/etc/security/cacerts/
Reboot player to take effect new setting.
adb shell reboot
Check the certificate file be install in IAdea media player. You should find the certificate list in trusted credential filed in player.
Basic setting->Advanced->Security->Trusted Credentials
Reference article
http://wiki.cacert.org/FAQ/ImportRootCert#Android_Phones_.26_Tablets
Regards