Starting from Android 7 Nougat, applications must explicitly trust user-installed certificates for them to be effective. To bypass this, we can install our own root certificate in the system certificate store.
Requirements: the phone must be rooted.
Step 1: prepare the certificate
If the certificate is DER (e.g. exported from Fiddler), convert it to PEM. Its name can be generated with OpenSSL. Below is a PowerShell script that does all.
param( [Parameter(Mandatory=$true)] [string]$Path ) $s = (&"D:\Tools\openssl\openssl.exe" x509 -inform DER -subject_hash_old -in $Path 2>$null) $s = $s $name = "$s.0" Write-Host $name $fi = New-Object "System.IO.FileInfo" -ArgumentList $Path $newName = "$($fi.Directory.FullName)\$name" Write-Host $newName $s = (&"D:\Tools\openssl\openssl.exe" x509 -inform DER -in $Path 2>$null) [System.IO.File]::WriteAllLines($newName, $s)
Step 2: install the certificate
Connect the phone to host, then:
adb root adb push e5c3944b.0 /sdcard/ adb shell
Now, in adb shell:
mount -o remount,rw /system cd /system/etc/security/cacerts mv /sdcard/e5c3944b.0 . chown root:root e5c3944b.0 chmod 644 e5c3944b.0 mount -o remount,ro /system exit
Reboot the phone, done.