Creating and importing self-signed certificate to Android device

This instructions will help you to create new self sign certificate and import it to your android device.

Due to a bug in android internal code you need some extra steps while generating your certificate. Otherwise your self-signed certificate will not show up under “trusted credentials” in android menu.

Create an auxiliary file “android_options.txt” with this line inside:


Create self-signed certificate using these commands:

  • openssl genrsa -out priv_and_pub.key 2048
  • openssl req -new -days 3650 -key priv_and_pub.key -out CA.pem
  • openssl x509 -req -days 3650 -in CA.pem -signkey priv_and_pub.key -extfile ./android_options.txt -out CA.crt

Now our CA.crt certificate is almost ready.

Convert certificate to DER format:

  • openssl x509 -inform PEM -outform DER -in CA.crt -out CA.der.crt

Import CA.der.crt:

  • Put the CA.der.crt onto the sdcard of your Android device (usually to internal one). It should be in root directory.
  • Go to Settings / Security / Credential storage and select “Install from device storage”.
  • The .crt file will be detected and you will be prompted to enter a certificate name.
  • After importing the certificate, you will find it in Settings / Security / Credential storage / Trusted credentials / User.

Leave a Reply