Security Warning Android Certificate Issues. Security Certificate Overview

09.09.2019 Opera

In principle, the client is not the most miserable - you can use it, but if you are somewhere on a trip and you only have an Android phone or tablet on your hands, this is the only way to quickly connect and fix something through a working computer.
It seems that the software is not very sophisticated and it doesn’t require much settings, and if you use the web interface to run applications, as is done in our organization, then absolutely nothing ...
But not everything is so cloudless!

What kind of problems could arise?

To organize this kind of remote access architecture, certificates are often used that are signed by centers that are not included in the standard list. Why Google is so bad, and did not include such a simple function in its OS, (along with such, again, the necessary function, as the ability to register a proxy server) like installing additional CA root certificates, we are not going to discuss here.
The first sign that the server uses a self-signed certificate is that when you open a web resource from anywhere using, for example, the Mozilla Firefox browser, the program displays a message that it cannot decide on trust itself whether it is a certificate to establish a secure connection or not, it gives you the right to choose.
If you have such a picture, then this article is just for you!

So what does it take to run applications published on your company’s Citrix XanApp through Citrix Receiver?

First of all, as it turned out, you need to install Mozilla Firefox for Android. It is very strange, but no other browser transfers the file (launch.ica) needed for the connection to the client program. We only know that everything works fine with Firefox.

Secondly, the client program itself is needed. Here on the Android Market we have a choice: a stable Citrix Receiver, or being at the testing phase of Citrix Labs Receiver. The second one we did not want to accept a certificate in any, the first - stable, after a sleepless night, we still earned it.

Thirdly, you must have root access to your device, or the ability to extract and write files back through adb, although in this case you also need root access (you can learn how to configure it by spending a little time on viewing the results that gave you Google on request type "<имя вашего устройства> root access howto "or"<имя вашего устройства> adb configure howto ").

We didn’t bother with the adb configuration issue, again, since we prefer to work directly through the file managers with the system. In any case, the network has a lot of information about this (the Russian-language resource on which the most information of this kind is http://w3bsit3-dns.com/forum, the English-language is http://forum.xda-developers.com). If you will use direct access to system files, then you need a file manager that can use root rights (for example, Root Explorer).

Fourth, you need a machine with any of the popular Linux distributions and the installed Java machine from Oracle (we used Ubuntu 10.10 with the JRE installed).

And the last on the list, but by no means the least, is the root certificate of the certification authority (let it be called CompanyCA.crt).

From the requirements (if they are all fulfilled), we proceed to action.

For convenience, we will list everything item by item.

1. We go from the device to the Android Market and install Firefox.
2. We go from the device to the Android Market and install the Citrix Receiver.
3.1.1 (3.1.x for those who prefer direct access) Using the file manager, copy the file /system/etc/security/cacerts.bks cacerts.bks to the SD card.
3.1.2 Connect the device as a drive to a computer with Linux.
3.1.3 Copy the cacerts.bks file from the root of the card to your home folder.
3.2.1 (adb) copy the certificate
$ adb pull /system/etc/security/cacerts.bks cacerts.bks

4. This item assumes that you have already installed and configured JRE 1.6 and the environment variable JAVA_HOME (in my case JAVA_HOME \u003d / usr / lib / jvm / java-6-sun /) is registered.
Download the bouncycastle.org/download/bcprov-jdk16-146.jar package and drop it into the $ JAVA_HOME / jre / lib / ext / folder
If you have JDK installed, then this package must also be placed in the / usr / lib / jvm / java-6-openjdk / jre / lib / ext folder
wget bouncycastle.org/download/bcprov-jdk16-146.jar
sudo cp bcprov-jdk16-146.jar $ JAVA_HOME / jre / lib / ext / bcprov-jdk16-146.jar
# or sudo cp bcprov-jdk16-146.jar /usr/lib/jvm/java-6-sun/jre/lib/ext/bcprov-jdk16-146.jar

5. We drop the certificate file CompanyCA.crt also in the home folder. If you don’t have one, but you agreed to accept the certificate when switching to the XenApp web interface, then you can export it from Firefox. How to do this - tell Google. We can only clarify that encryption is needed X.509 PEM.

6. Download and install the Android SDK (if you do not plan to use adb, then you can skip this step):
wget dl.google.com/android/android-sdk_r10-linux_x86.tgz
tar -xvzf android-sdk_r10-linux_x86.tgz
sudo mv android-sdk-linux_x86 / usr / lib / android-sdk-linux_x86
Running anything from the kit is not required for our task. But you need to register the SDK executable files in the environment variables export PATH \u003d $ (PATH): / usr / lib / android-sdk-linux_x86 / tools.
In our case, the issue with environment variables is solved by adding lines to the end of the ~ / .bashrc file
export PATH \u003d $ (PATH): / usr / lib / android-sdk-linux_x86 / tools
export JAVA_HOME \u003d / usr / lib / jvm / java-6-sun / jre

7. Open the console and execute the command
keytool -keystore cacerts.bks -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -storepass changeit -importcert -trustcacerts -alias CACERT -file CompanyCA.crt

Be careful - do not change the -storepass changeit parameter, there really is such a password)

In response to this command, you should receive certificate information and the request “Trust this certificate? : "- respectively answer" y ".
That's it, our file is prepared. Now you need to download it to the device.

8.1.1 (direct access) We connect the device as a drive to the computer;
8.1.2 Download the cacerts.bks file to the map;
8.1.3 Transfer the cacerts.bks file manager from the / sdcard folder to the / system / etc / security / folder, pre-mounting it for recording;
8.2.1 (adb) Mount the system for recording:
$ adb shell mount -o remount, rw / system;
8.2.2 Download the file:
$ adb push cacerts.bks / system / etc / security /;
8.2.2 Mount the system read-only:
$ adb shell mount -o remount, ro / system.

The hard part is over. There were a couple of feint ears.

9. Reboot the device.

10. Launch Firefox and open the web access page.
The following picture will appear approximately:

11. Select an application from the list and try to run;

In preparing the instructions used resources.

Instruction manual

Install the certificate on Nokia. Download and install the Java Runtime Environment application, you can download it at http://java.com/en/download/manual.jsp. Also download and install the MobiMb phone memory application - http://forum.allnokia.ru/files/07/14/mmb_3.4_dp3_165.rar.

To install the certificate on your phone using the MobiMb program, copy the contents of the User folder from the Behappy archive (you can download it here http://forum.allnokia.ru/files/07/14/behappy_631.rar) to the folder on the phone Hiddenfolder / certificates / user . For Series 60 smartphones, from the Auth folder, copy the Exp.cer certificate to the root folder of the smartphone and install it. During the installation of the certificate, select the "Install applications" option.

Install a special Halmer certificate on your Sony Ericsson phone to prevent errors when installing themes and applications on your phone. To do this, download it to your computer at http://www.topse.ru/forum/attachment.php?attachmentid\u003d27380&d\u003d1236477394.

Next, copy the downloaded file to the tpa / preset / custom folder or tpa / preset / default folder, depending on the phone model. To check if you were able to install the certificate on Sony Ericsson, open the main menu on your phone, go to settings, select the option “Communication”, then “Internet” - “Security” - Java.

Connect the Samsung phone to the computer to install the certificate on it, launch the Microsoft ActiveSync application, go to the “My Documents” folder and create the “Certificates” folder there. Copy the certificate files and synchronize to the device. Turn off the phone. Go to the main menu in it, select the folder “My Documents” and “Certificates”. Double-click on the copied files to install them.

Owners of Nokia smartphones running on the S60 platform have to face a situation where the installation of some applications is impossible due to an error certificate. In such cases, you must sign the program with a personal certificate. This can be done using a special program.

You will need

- personal certificate;
- FreeSigner application.

Instruction manual

First of all, you need to get a personal certificate with which you can later sign any application and install it on your smartphone. To do this, go to the site www.allnokia.ru and in the “Services” menu open the “Order” section certificate».

The next step is to install the FreeSigner application. You can download it for free on sites www.symbian-freeware.com, www.symbianfree.ru and others. After downloading, install the program. The application does not require a signature certificate.

Select Sign key and specify the path to the key file (you received it with the certificate). In the Sign key pass section, enter the password: "12345678".

By default, the signed application will be placed in the folder where the original program file is located. If you want to specify a different path, select the Output directory item and select a new folder.

Return to the main menu of the program and select the Add task command. A file manager will open with which you can find the application file that you want to sign with a certificate. Find and select it.

Press the Options menu and select Sign sis. Now press Options again and choose Go! The file will be signed. Now a new file (the word Signed will be added to its name) can be opened and installed.

Related videos

The theme is the graphic design of our phone. It consists of several elements: background image, active background, color scheme, icons and indicators. The wallpaper performs the function of wallpaper, like on the desktop of a computer. An active background defines the background when entering the menu. The color scheme consists of several primary colors used in the design of the theme. Icons - graphically illustrate functions phone, and the indicators show the clock, battery level and network signal.

Instruction manual

If you just want to change the topicinstalled in your phone by default, then select "Settings" in the menu, find the "Themes" in the list of configurable parameters, select and install the appropriate one.

If you are not satisfied with the options proposed by the manufacturer, then you can find and install a new one. the topic to your phone by downloading it from the Internet. In the search bar of your browser, type “theme for phone", Indicating the manufacturer of his device in order to narrow the search. Choose your favorite the topic and download it to your computer.

Sign the application with a certificate on your smartphone using the MobileSigner application. 1. Install the program on your smartphone. 2. Put in memory smartphone your certificate and security key. 3. Run the program. 4. In the SIS file clause, specify the path to the application to be signed. 5. In Cert file, specify the path to the certificate. 6. In the Key file section, specify the path to the security key. 7. In Password, enter the password. If a password is not required, leave the field blank. Typically, the password for the key is a sequence of digits “12345678” .8. Click the Sign button. Your application is signed.

Sign the application with a certificate on your smartphone using the FreeSigner application. 1. Install the program on your smartphone. 2. Run the program and go to the menu "Options - Settings". 3. Skip the first three points (Self Sign Cert, Self Sign Key and Self Sign Key Pass). 4. In the Sign Cert section, specify the path to your certificate, in the Sign Key section - the key, and in the Sign Key Pass section, if necessary, the password for the key. By default it is "12345678" .5. In the main program window, select the "Add task" item. Select the application you want to sign. 6. Click the Sign Sis button. Application for smartphone signed.

Sign the application with an online certificate on the Internet. 1. Go to the website OnLine-signature of the application with a certificate ( https://www.symbiansigned.com/app/page/public/openSignedOnline.do) .2. Fill all necessary fields. Indicate the IMEI of the phone (you can see your IMEI by typing the code * # 06 #), a really existing e-mail, in the Application field - the path to the application on your computer. Under Capability information, click Select all. 3. Enter the verification code shown in the figure. 4. Check the box next to the Accept legal agreement and click the Sent button. 5. After a while, a letter will be sent to the specified email address with a link to a confirmation. Open it and follow the link. 6. After that, a new letter will be sent to your e-mail with a link to download the signed application. It remains only to download and install on your smartphone.

Sources:

How to sign a certificate for Nokia 5800 with Symbian 9

Install applications on your phone Samsung you can use either a computer or without it. In the menu of modern phonefor this, there is even a separate Samsung Apps button provided, clicking on which will lead you directly to the website of the same name, where you will surely find more than one useful application for your mobile. And if that doesn't seem enough to you, applications for Samsung there are other sites - choose the taste.

You will need

- A computer;
- internet connection;
- Samsung Kies program;
- USB cable.

Instruction manual

Download Samsung Kies from the Samsung Apps website. Install the program and connect phone to the computer using a USB cable. In this case, select the cable connection mode “Samsung Kies” (the menu for selecting connection modes will be displayed on the screen of your phonebut).

Select the link to the Samsung Apps store in the program menu. When you first visit the resource, you will be asked to choose your country of residence and familiarize yourself with the terms of use.

Please note that with this method of logging into Samsung Apps (when connected phonee), you will be offered programs designed specifically for your mobile model. So to search for applications, you just have to choose the category that is most interesting to you. It is also possible to filter the programs offered for installation by the conditions of their distribution (paid / free).

View detailed description applicationsby double-clicking on his image. If you liked the program, you can download it immediately by clicking on the appropriate button, or postpone it to Favorites to download later. You can control the download process using the information at the bottom of the page. When connected phonethe program will be installed directly into it. You will find it later in the menu phonebut.

Log in to Samsung Apps using the button of the same name in the menu of your phonebut. Choose applications by category. To install the application on phone, select it by tapping your finger. In the window that opens, click on the “Get” button. The history of all your downloads in Samsung Apps is stored in your personal account. When new versions of previously acquired applications appear, you will receive a notification.

Download the java application (jar file) you like from another site to your computer. If the file is archived, unzip the archive. Copy the file to your phone to the Others folder using a connection via a USB cable or bluetooth. You can also download jar files, bypassing the computer, directly from the site via your web browser phonebut.

Disconnect the mobile from the computer and open the menu phoneand “My Files” is the “Other” folder. Select the downloaded file (click on it with your finger) - the process of installing it on phone. Wait for the installation to complete. You can find the downloaded application in the "Games" menu.

Related videos

The need to install a root certificate is caused by the features of setting up a secure Internet connection with websites using the HTTPS protocol and working with the WebMoney Transfer system.

You will need

- Internet Explorer 7

In this article, we will try to familiarize you with what a certificate is, why it is needed, how to obtain it, and, ultimately, how to sign the application.

A certificate is an electronic document that gives applications the right to be applied (installed) in the Symbian OS9.x environment for a specific end user. The document puts forward certain requirements for software developers depending on the development of Nokia operating systems and hardware, which forms a standard condition for determining the period of use - the validity of the certificate. The certificate contains information identifying the holder (Symbian company) from which the certificate is issued. Published by certification authorities and issued by Symbian.

So, you have become the proud owner of a Nokia smartphone. And first of all, after you familiarize yourself with it, decide that any programs or games should be installed on your phone. You will go in search of interesting software on the Internet, or you will find an interesting toy or decide to install a theme. And now, perhaps for the first time you will encounter the fact that your phone will begin to write you some messages incomprehensible to you, and, most unpleasantly, it will tell you not to install the applications that you want to put in it.
Let's start looking at everything in order.

The first thing you must do before you start installing any application on your smartphone is to disable certificate verification.

This does not mean that now you can install any application on your smartphone. This is necessary because immediately after buying a smartphone it is pre-configured with factory settings, which by default do not allow you to install an unreliable, dangerous application, according to the developers of the Symbian system. We need to allow you to install untrusted applications.

This is done from the Application Manager.
Disp. Applications -\u003e Options -\u003e Settings -\u003e Program. Inst .-\u003e All, Certificate Verification -\u003e disabled.

Why have we disabled certificate verification:

* If you use official software, then to verify the authenticity of the security certificate, you will need to connect via the Internet to the specified address, which will entail the cost of a certain amount of traffic, as well as the need to configure Internet access through your operator.
* If you use unofficial software, the certificate will not pass authentication and installation will be canceled. For verification, either the Internet address specified by you is used forcibly, or the default address set in the Application Manager settings is used.

Now that we have prepared, we can try to install our first application on the phone.
Next, we will consider with you the behavior of your smartphone, what you will observe on the phone screen, how you will respond to a particular message, and what they mean.

The most common error messages and methods for solving them:

* "Certificate has expired"

This error appears if you install an application signed with a currently expired certificate.

Solution:
1. If you know when the certificate was received by which the application was signed, then transfer the date on your smartphone to the date of receipt of the certificate and install the application now. After successful installation, return the date in the phone to the current one.
2. Usually the user does not know the date of receipt of the certificate, so the simplest thing is to transfer the date to six months or a year ago. Then install the application. After setting it, transfer the date in the smartphone to the current one.
3. If you have an unsigned version of this application, then sign it with a fresh certificate.

* "Certificate has not yet expired"

This error occurs with new certificates. The validity date of the certificate by which the program is signed has not yet come. This can happen due to the difference in time zones, the place where the certificate was issued, and the place where you are now. Also, a possible reason may be that you set the wrong date on your smartphone.

Solution:
1. You need to check whether the date on the smartphone is set correctly, and if it is set incorrectly, then change it to the current one.
2. If the problem is that the certificate was only recently received, then transfer the date on the smartphone one day in advance and install the application. Then return the date to the current. This problem will not appear in you every other day, because the validity period of the certificate will already take effect.

* "Unable to install secure application from untrusted source"

This means that the application you are installing is not signed with a personal certificate. Such a certificate is created for each smartphone separately, with reference to its IMEI.

Solution:
1. You need to get a certificate under the IMEI of your smartphone and sign the application with it.
2. Sign the OnLine application, if possible.

* "Certificate error"

This error appears when the program was signed by someone else's certificate, i.e., such that it was created under a different IMEI. It is also possible that you made a mistake when entering your IMEI to request a certificate or OnLine subscription.

Solution:
1. You need to sign this application again, only with your certificate and only the previously unsigned version. Please note: if you sign with your personal certificate an application that has previously been signed by another, foreign certificate, then it will not be installed on your smartphone.

* "Installation denied, "Invalid certificate"

These errors indicate that you have not disabled certificate verification in the Application Manager settings.

Solution:
1. Go to the Application Manager on your smartphone.
Disp. Applications -\u003e Options -\u003e Settings -\u003e Program. Inst .-\u003e All, Certificate Verification -\u003e disabled.

* "Certificate error - contact your application provider!"

This error indicates that the application you are trying to install does not have a security certificate.

Solution:
1. It is necessary to certify this application, ie sign it.

* When you try to install the application, your smartphone tries to connect to the Internet

This is due to the need to authenticate the security certificate with which the program is signed. To connect, either the Internet address you have specified is forced, or the default address set in the Application Manager settings is used.

Solution:
1. It is necessary to disable certificate verification in the Application Manager.
Disp. Applications -\u003e Options -\u003e Settings -\u003e Program. Inst .-\u003e All, Certificate Verification -\u003e disabled.

What is
personal security certificate
and what are its functions:

* A personal security certificate is issued for only one IMEI, i.e. for one phone, and it is attached to the IMEI of this phone. That is why it is impossible to install an application signed with a certificate under a foreign IMEI.
* Once a certificate is received, you can sign all programs that require certification, but only for a smartphone, on whose IMEI the certificate was issued.

Which exist
types of security certificates:

Applications that the user installs interact with the Symbian operating system through a set of API functions, and, accordingly, must have rights to access them. In all younger OSs, this was not regulated; starting with Symbian OS 9, user protection against malware and from rash actions of the user himself was introduced.
Therefore, we can talk about the division of access rights certificates; there are 3 types of them:

1. Custom(they are called general) certificates:
o The application is signed by a common certificate and any user can install it.
o Have access to API functions of the operating system by 60%.

2. Symbian Signed capability (called
personal, personal certificate):

O Applications require a Symbian Signed certificate, i.e. subscribes to one IMEI, respectively, only for personal use.
o Have access to the API functions of the operating system by 80%.

3. License / Platform capability
o Have access to the API functions of the operating system 100%.

How can I sign an application:

Having already a personal security certificate, the program can be signed:
+ On a personal computer using the SisSigner program.
+ On a smartphone using the MobileSigner program.
+ On a smartphone using the FreeSigner program.
Those who have not received a personal certificate can sign the program:
+ Using the service of online signing applications.
+ Using the service OnLine order certificate.
+ Sign with a universal certificate that does not have restrictions on Сapability.
+ Independently obtain a Symbian Signed Publisher ID certificate.
+ Order and receive a Symbian Signed Publisher ID certificate in the Chinese forum.

Additional Information:

In connection with the appeared way of opening full access to system files and folders, it became possible to use the so-called universal certificate (suitable for any IMEI, provides applications with the same rights as the OS itself). And also it became possible to completely disable certificate verification in the phone.

For this it is necessary:

1. Get full access to the system folders by any of the proposed methods:
o Full access to the system folders of the smartphone based on Symbian OS 9.x (Used by PC. Method for older firmware. Deprecated)
o Full access to the file system of smartphones running OS 9.1 and 9.2 (Used by PC. Method for older firmware. Deprecated)
o Full access to the system folders of the smartphone based on Symbian OS 9.x (Without using a PC. Method for older firmware)
o Full access method for all Symbian OS9x smartphones (including 9.3 and 5800)
o Gaining full access to system files and folders for Symbian OS 9.4 smartphones

2. Install a universal certificate:
We sign applications with a universal certificate that does not have restrictions on Capability

This gives us the opportunity described above to install applications signed with a universal certificate that is suitable for any IMEI and provides applications with the same rights as the OS itself.

3. Install the modified installserver.exe file, the use of which disables certificate verification in the OS.
About how to install the file and download the archive with this file:
o Full access to the system folders of the smartphone based on Symbian OS 9.x (third method). Without using a PC.
o Obtaining full access to system files and folders for new firmware. Without using a PC. Works on new firmware for 9.1 and 9.2

Thank you for the article: Olga Chervona

Install a security certificate on os android. Attention! Instructions for setting up certificate import on android may be slightly. Through the creep on the product, the activation of microsoft ce and yes have been fed. Windows vista home basic 64-bit edition windows vista ultimate 64-bit.

To install a certificate from the device’s internal memory Android certificate installation. 2em; "\u003e, 2em; "\u003e follow these steps. Configuration file, 2em;"\u003e keys and certificates must be copied in advance to the file space of your android device. Abuse of law or how easy it is to take away a fan community

\u003e,. 2em; "\u003e with a key and certificates. Information on installing an openvpn client for android is in demand on the Internet and requires special attention in order to illuminate this issue from the right angle. Are there any ways to implement this

Setup on smartphones and tablets with os android 4 x android certificate installation

: Rating: 68 / 100 Total: 12 ratings.

sotikteam.ru Smartphones. Antiviruses. Programs. Instructions. Browsers

Security Warning Android Certificate Issues. Security Certificate Overview

What kind of problems could arise?

So what does it take to run applications published on your company’s Citrix XanApp through Citrix Receiver?

From the requirements (if they are all fulfilled), we proceed to action.

Setup on smartphones and tablets with os android 4 x android certificate installation

Similar publications

Security Warning Android Certificate Issues. Security Certificate Overview

What kind of problems could arise?

So what does it take to run applications published on your company’s Citrix XanApp through Citrix Receiver?

From the requirements (if they are all fulfilled), we proceed to action.

Setup on smartphones and tablets with os android 4 x android certificate installation

Similar publications

If the computer gives an error on the screen, the most common types

New Year Live HD Wallpapers, Games and Android Applications

How to change the password in the "contact" or what to do if you can not go to the "VK"