Nir*_*uan 10 android certificate adb x509certificate
有没有办法.crt在Security -> Trusted Credential -> User tabvia ADB 下安装CA证书(文件)?或任何其他"可编写脚本"的方式.
我想出了一种方法来做到这一点,因此我能够信任查尔斯代理证书.它将被添加为受信任的SSL根证书.
首先,您需要获取证书哈希
openssl x509 -inform PEM -subject_hash_old -in charles-proxy-ssl-proxying-certificate.pem | head -1>toto
我使用Windows,将其存储在var中以自动化该过程 set /p totoVar=<toto
set totoVar=%totoVar%.0 && DEL toto
cat charles-proxy-ssl-proxying-certificate.pem > %totoVar%
openssl x509 -inform PEM -text -in charles-proxy-ssl-proxying-certificate.pem -out nul >> %totoVar%
adb shell mount -o rw,remount,rw /system
adb push %totoVar% /system/etc/security/cacerts/
adb shell mount -o ro,remount,ro /system
adb reboot
我能够通过以下步骤获得服务器证书以显示在Trusted Credential -> User选项卡下(而不是其他答案显示的系统选项卡):
#!/bin/bash
subjectHash=`openssl x509 -inform PEM -subject_hash_old -in server.crt | head -n 1`
openssl x509 -in server.crt -inform PEM -outform DER -out $subjectHash.0
adb root
adb push ./$subjectHash.0 /data/misc/user/0/cacerts-added/$subjectHash.0
adb shell "su 0 chmod 644 /data/misc/user/0/cacerts-added/$subjectHash.0"
adb reboot
2022 :httptoolkit 有一个很好的解决方案,可以在不重新启动到 root 设备/模拟器的情况下注入自定义证书
set -e # Fail on error
# Create a separate temp directory, to hold the current certificates
# Without this, when we add the mount we can't read the current certs anymore.
mkdir -m 700 /data/local/tmp/htk-ca-copy
# Copy out the existing certificates
cp /system/etc/security/cacerts/* /data/local/tmp/htk-ca-copy/
# Create the in-memory mount on top of the system certs folder
mount -t tmpfs tmpfs /system/etc/security/cacerts
# Copy the existing certs back into the tmpfs mount, so we keep trusting them
mv /data/local/tmp/htk-ca-copy/* /system/etc/security/cacerts/
# Copy our new cert in, so we trust that too
mv ${certificatePath} /system/etc/security/cacerts/
# Update the perms & selinux context labels, so everything is as readable as before
chown root:root /system/etc/security/cacerts/*
chmod 644 /system/etc/security/cacerts/*
chcon u:object_r:system_file:s0 /system/etc/security/cacerts/*
# Delete the temp cert directory & this script itself
rm -r /data/local/tmp/htk-ca-copy
rm ${injectionScriptPath}
echo "System cert successfully injected"
将文件推送到设备
adb push "C:\path\cacert.cer" "/data/local"
启动证书安装程序
adb shell am start -n com.android.certinstaller/.CertInstallerMain -a android.intent.action.VIEW -t application/x-x509-ca-cert -d file:///data/local/cacert.cer
现在,根据设备上出现的提示完成安装。
小智 5
多亏了这个答案,我才能通过ADB安装用户证书,从而适应了适用于bash shell的脚本:
#!/bin/bash
openssl x509 -inform PEM -subject_hash_old -in charles-proxy-ssl-proxying-certificate.pem | head -1
cert_name=$(!!).0
cat charles-proxy-ssl-proxying-certificate.pem > $cert_name
openssl x509 -inform PEM -text -in charles-proxy-ssl-proxying-certificate.pem-out nul >> $cert_name
adb shell mount -o rw,remount,rw /system
adb push $cert_name /system/etc/security/cacerts/
adb shell mount -o ro,remount,ro /system
adb reboot
(是的,我知道这可能应该是评论,但是我没有足够的声誉来发表评论)
| 归档时间: |
|
| 查看次数: |
11303 次 |
| 最近记录: |