0

enter image description here

I've been getting this notification, well, basically ever since I moved to my Samsung Galaxy SIII Neo, which is my current phone. Up till a few days ago, I simply hit Clear and ignored this, wondering what it might mean. But now I've started getting the following too:

enter image description here

Note that the only certificate I ever installed was my Uni's wifi certificate, which should definitely NOT cause this, as with my older phone I had similar certificates for almost 2 years, changing 3 or 4 of them, NEVER SEEING ANYTHING like this. So what do those notifications mean and what should I do about them (if anything)?

Community
  • 1
MickG
  • 221
  • 1
  • 5
  • 17

1 Answers1

2

Guess you're using Kitkat (or newer) on that device? I'm afraid in that case you've got to live with that (you will always receive this warning as soon as you've installed a custom certificate – see official changelog regarding this1) – or root your device and install certificates as "trusted certificates" only.

How to install a certificate as "trusted system certificate"

As said, this requires a rooted device. Further, I'm not sure whether it works for certificates other than "CA root certificates" (those used to sign other certificates). For sure you'll need a .pem certificate for the following – and here are the steps:

# find the hash value of the certificate
openssl x509 -inform PEM -subject_hash_old -in cacert.pem | head -1
# prepare your certificate. The following line assumes the has is d12345:
openssl x509 -inform PEM -text -fingerprint -in cacert.pem > d12345.0
# now on the Android device: remount `/system` to be able to write to it
mount -o remount,rw /system
# move the certificate to the `cacerts` dir:
cp d12345.0 /system/etc/security/cacerts/
# now adjust the file permissions:
cd /system/etc/security/cacerts/
chown root:root d12345.0
chmod 0644 d12345.0
# finally, remount `/system` read-only
mount -o remount,ro /system

(source: Android without Google 2: ownCloud)

1: thanks to Andrew T. finding that link for proof in the comments

Community
  • 1
Izzy
  • 91,166
  • 73
  • 343
  • 943
  • My certificate is .p12. Anyway, I do not have Kitkat -- or at least I can't find it among my Apps and Play store has the install button for Kitkat 4.4. What do you refer to as «newer»? – MickG Dec 23 '14 at 12:17
  • Lollipop (5.x)? What is your exact Android version (see Settings › About phone on your device if unsure)? Kitkat is the first version I've heard that trouble for (I'm not 100% sure whether it might have been introduced even earlier). – Izzy Dec 23 '14 at 12:18
  • @Izzy Model number GT-I9301I, Android version 4.4.2, Baseband vrsion I9301IXXUANI2, Kernel version 3.4.0-2688263 dpi@SWDD6216 #1. – MickG Dec 23 '14 at 14:34
  • I won't ever notice, as I only use above described method. I don't like to be told which lock screen types I have to use, just because I've installed some certificate for a web site ;) Apart from that, I've not yet updated beyond 4.1, so I cannot check. – Izzy Dec 23 '14 at 14:34
  • @MickG That's Kitkat (4.4.2), as I assumed. – Izzy Dec 23 '14 at 14:35
  • @Izzy what is Kitkat? – MickG Dec 23 '14 at 16:12
  • One of the many Android versions. They all have some "sweet nick-names". I'll update the tag-wiki (link) for you ;) – Izzy Dec 23 '14 at 16:19
  • After researching a little bit, I think it's really been since KitKat (Android 4.4). I checked my testing device and it turned out to be 4.4.2 (not 4.2), so this is correct. (I also found dupe question that I posted on OP's question after that). Edit: and I found the official changelog regarding this – Andrew T. Dec 24 '14 at 01:02
  • Thanks @AndrewT.! Integrated that proof-link with my answer (giving credits to you of course ;) – Izzy Dec 24 '14 at 09:59