Self-signed certificates for Android OS
Self-Signed Certificates
Users sometimes need to add a self-signed certificate to Android OS.
The process is relatively simple, but it has its own features and nuances.
General Information
Terminology
A self-signed certificate is a digital certificate that is not issued or verified by a third party, such as a Certificate Authority (CA). Instead, it is created and signed by the user or organization that uses it.
Simply put, it is a certificate created by the user or organization that uses it.
Necessity
Self-signed certificates are most commonly used for:
Application Testing
Developers often use self-signed certificates to test applications before publication. This lets them set up an encrypted connection, for example between the application and its server, without purchasing a certificate from a certification authority.
Internal Use
In some companies, self-signed certificates are used within internal networks to encrypt data and ensure security.
Risks and Limitations
Using self-signed certificates carries certain risks and practical difficulties. The key risks are:
- System distrust.
Because self-signed certificates are neither issued nor verified by a certification authority, browsers and applications usually show security warnings for them. This can alarm users.
- Vulnerability of each certificate.
Because nothing beyond the certificate itself vouches for the peer's identity, using self-signed certificates can increase the risk of "man-in-the-middle" (MITM) attacks, in which an attacker intercepts data exchanged between two parties.
Possible Interactions with Certificates
Creating Certificates
For the procedure to create a self-signed certificate, refer to the separate instruction: Creating Self-Signed SSL Certificates Using the OpenSSL Tool on Ubuntu
Adding Certificates
If an application needs a certificate in order to work, the user can install it manually. The installed certificate confirms that the application is allowed access to specific functions and data.
Certificate Installation Algorithm
- Open "Settings" on the device.
- Go to: "Security and Privacy" > "Additional Security Settings" > "Encryption and Credentials".
- Next, choose "Install Certificates" > "Wi-Fi Certificate".
- Find and click on the menu icon, represented by three horizontal lines.
- Select the location where the certificate was saved.
- Click on the file. You may need to enter a password for the key storage and then click "OK".
- Enter the name of the certificate.
- Click "OK".
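As an added example (not part of this instruction or of any Android project), the following shell script prepares a self-signed certificate with OpenSSL on a workstation, shows the "system distrust" effect described under Risks and Limitations, and packages the key and certificate into the password-protected file that the installation steps above ask for. The subject name, working directory and password are placeholders, and the script assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example (not part of the original instruction): prepare a self-signed
# certificate on a workstation and check how a client treats it before copying
# it to the Android device. Requires the openssl command-line tool.
# The directory, subject name and password below are placeholders.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"
SUBJECT="/CN=selfsigned.example.test"   # placeholder name, not a real host
P12_PASSWORD="change-me"                 # placeholder; the device asks for it at import

# 1. Create a private key and a self-signed certificate valid for one year.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "$SUBJECT" \
        -keyout "$WORKDIR/selfsigned.key" \
        -out "$WORKDIR/selfsigned.crt" 2>/dev/null
}

# 2. The "system distrust" effect: verification against the default trust
#    store fails because no certification authority vouches for the certificate.
#    Returns 0 when the certificate is rejected, which is the expected outcome.
verify_untrusted() {
    if openssl verify "$WORKDIR/selfsigned.crt" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# 3. Verification succeeds only once the certificate itself is supplied as a
#    trust anchor, which is what installing it on the device achieves.
verify_trusted() {
    openssl verify -CAfile "$WORKDIR/selfsigned.crt" \
        "$WORKDIR/selfsigned.crt" >/dev/null 2>&1
}

# 4. Package key and certificate as a password-protected PKCS#12 file, the
#    form in which a certificate together with its key is imported on the device.
make_p12() {
    openssl pkcs12 -export \
        -inkey "$WORKDIR/selfsigned.key" \
        -in "$WORKDIR/selfsigned.crt" \
        -passout "pass:$P12_PASSWORD" \
        -out "$WORKDIR/selfsigned.p12"
}

# 5. Confirm the bundle opens with the password and contains the certificate.
check_p12() {
    openssl pkcs12 -in "$WORKDIR/selfsigned.p12" -passin "pass:$P12_PASSWORD" \
        -nokeys -clcerts 2>/dev/null | grep -q 'BEGIN CERTIFICATE'
}

make_cert
verify_untrusted && echo "default trust store rejects the certificate (expected)"
verify_trusted   && echo "accepted once the certificate is explicitly trusted"
make_p12
check_p12 && echo "PKCS#12 bundle ready: $WORKDIR/selfsigned.p12"
```

Copy the resulting selfsigned.p12 to the device and select it in the "Install Certificates" step; the password entered in step 6 is the one given as P12_PASSWORD. With OpenSSL 3 the default PKCS#12 encryption is newer than some older Android releases can read; if the import is refused, regenerate the bundle with the -legacy option of openssl pkcs12.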
Deleting Certificates
Any user can delete a self-signed certificate by finding it in the list of certificates. To do this:
- Open the "Settings" application.
- Click on: "Security and Privacy" > "Additional Security Settings" > "Encryption and Credentials".
- Go to the "Credential Storage" section.
Once in the credential storage, the following actions are available:
- (Not recommended) To delete all certificates on the device, click "Clear all credentials" > "OK".
- (Recommended) To delete specific certificates on the device, click "User Credentials" > select the necessary credentials to delete.
Notes
Using a Wi-Fi network protected by WPA-Enterprise
For additional protection when connecting, you can use WPA/WPA2/WPA3-Enterprise settings. To do this:
- Open the "Settings" application.
- Click on the "Network & Internet" > "Internet" > "Add Network" section, using the "+" icon.
- Enter the details provided by the network administrator.
The "Do Not Verify" setting
Previously saved Enterprise settings that disable verification of the server certificate are not affected. However, you cannot change them or create new ones with this setting.
WPA/WPA2/WPA3-Enterprise settings are available to both individual users and organizational employees.
Subtleties and Nuances
Resolving a collision between server and client.
In this case, do not enter the full host name; enter the domain in the form shown in the correct example below (the domain with a leading dot).
"abcdef.technomedia.ru" - incorrect
".technomedia.ru" - correct