search

fork-maintainers / iceraven-browser

Iceraven Browser
4.61k stars 223 forks source link

Cannot import CA certificate #436

Open freebrowser1 opened 2 years ago

freebrowser1 commented 2 years ago

What is the user problem or growth opportunity you want to see solved?

Unlike Firefox for macOS I cannot import a CA certificate in Iceraven.

How do you know that this problem exists today? Why is this important?

Because viewing websites with self-signed certificate.

mirushi commented 2 years ago

See https://kb.adguard.com/en/android/solving-problems/firefox-certificates. Use the first method.

freebrowser1 commented 2 years ago

I tried this and found the option to enable third party certificates. But I could not find where to import such a certificate.

mirushi commented 2 years ago

Simply install the certificate on your device's user certificate store. Then the browser will use it. You can search for keyword on Google or similar: Add user certificate for Android if you don't know how to do it.

freebrowser1 commented 2 years ago

Thanks. I have already imported the certificate into the device's user certificate store. After using the first method (i.e. enable secret options, allowing import) it still was not recognized.

So then I tried it using the root method (2) from Adguard. (https://kb.adguard.com/en/android/solving-problems/firefox-certificates).

With a rooted device one can use option 2. I did it by importing certificaties into Firefox 96 for macOS (should also work on Windows / Linux, but folders are different) using the YYYYYY.default folder in the Firefox app data on your desktop OS which is ~/Library/Application Support/Firefox/Profiles/YYYYYY.default-release , where YYYYYY is a random string generated by Firefox at installation. Get, as described in Adguard, the files cert9.db and key4.db.

After importing I copied the cert and key files to the /sdcard/Download of my Android device. Then I closed (and killed using app list, swipe away) Iceraven on Android. Then I started a root shell. I used an SSH root shell using Termux, but the adb method of Adguard should also work. After getting a root shell into Android:

cd /data/data/io.github.forkmaintainers.iceraven/files/mozilla/YYYYYYY.default/

Make a backup copy of the key and cert files:

.../mozilla/YYYYYYY.default # cp -av cert9.db cert9.dbXXX
'cert9.db' -> 'cert9.dbXXX'
.../mozilla/YYYYYYY.default # cp -av key4.db key4.dbXXX
'key4.db' -> 'key4.dbXXX'

Copy the key and cert files from the Download folder:

.../mozilla/YYYYYYY.default # cp -av /sdcard/Download/cert9.db .
'/sdcard/Download/cert9.db' -> './cert9.db'
.../mozilla/YYYYYYY.default # cp -av /sdcard/Download/key4.db .
'/sdcard/Download/key4.db' -> './key4.db'

Set proper owner rights of these two new files (replace u0_aUUU by the proper Linux 'user ID' of the Firefox / Fennec / Iceraven app, to be seen when doing ls -al)

.../mozilla/YYYYYYY.default # chown u0_aUUU:u0_aUUU cert9.db
.../mozilla/YYYYYYY.default # chown u0_aUUU:u0_aUUU key4.db

Restart Firefox / Fennec / Iceraven app on Android and it should be OK now.

Anyway, for me it worked !

daiaji commented 4 months ago

Thankfully, the desktop version's profile is also functional on the mobile version.

However, I must admit that I don't understand why, when enabling security.enterprise_roots.enabled, the CA certificates on Android's system are not trusted.