- My Galaxy A71 device is currently running LineageOS 21, Android 14, and my god damn certificate does not work, even with the AlwaysTrustUserCerts module in Magisk…
Some things we should know:
- When we install a user CA certificate, the `xxxxxxxx.0` file is stored in the `/data/misc/user/0/cacerts-added/` directory.
- Magisk provides 2 directories to store boot scripts. In this case, I prefer `/data/adb/service.d/`, which runs the scripts inside it in “late_start service” mode, so they do not block the boot.
- Thanks to httptoolkit’s blog, we have a way to add a CA certificate to the system’s trusted roots, but this method is not permanent: we have to follow the instructions again after every reboot 🫠
Alternative script:
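```sh
#!/system/bin/sh

# Stage the current system certificates in a temporary directory
mkdir -p -m 700 /data/local/tmp/tmp-ca-copy
cp /apex/com.android.conscrypt/cacerts/* /data/local/tmp/tmp-ca-copy/

# Mount an in-memory filesystem over the system CA directory
mount -t tmpfs tmpfs /system/etc/security/cacerts

# Put the existing certificates back, then add every user-installed CA
mv /data/local/tmp/tmp-ca-copy/* /system/etc/security/cacerts/
cp /data/misc/user/0/cacerts-added/* /system/etc/security/cacerts/

# Fix ownership, permissions and SELinux label
chown root:root /system/etc/security/cacerts/*
chmod 644 /system/etc/security/cacerts/*
chcon u:object_r:system_file:s0 /system/etc/security/cacerts/*

# Find the Zygote process(es); a device may have one or both
ZYGOTE_PID=$(pidof zygote || true)
ZYGOTE64_PID=$(pidof zygote64 || true)

# Bind-mount the new directory over the APEX path inside each Zygote's
# mount namespace
for Z_PID in "$ZYGOTE_PID" "$ZYGOTE64_PID"; do
    if [ -n "$Z_PID" ]; then
        nsenter --mount=/proc/$Z_PID/ns/mnt -- \
            /bin/mount --bind /system/etc/security/cacerts /apex/com.android.conscrypt/cacerts
    fi
done

# Collect the PIDs of every process whose parent is one of the Zygotes
APP_PIDS=$(
    echo "$ZYGOTE_PID $ZYGOTE64_PID" | \
    xargs -n1 ps -o 'PID' -P | \
    grep -v PID
)

# Apply the same bind mount inside each of those processes' namespaces
for PID in $APP_PIDS; do
    nsenter --mount=/proc/$PID/ns/mnt -- \
        /bin/mount --bind /system/etc/security/cacerts /apex/com.android.conscrypt/cacerts &
done
wait # the mounts were started in parallel; wait for all of them
```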
Instructions:
- Copy the script to the `/data/adb/service.d/` directory
- Set the permission for the script with `chmod +x <script_name>.sh`
- Install the user CA certificate as normal
- Reboot and enjoy
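
After the reboot it is worth confirming that the boot script really ran. The check below is an added example, not part of the original post or of httptoolkit's script: the function name `verify_ca_injection` and the status words are made up here, and it assumes a root shell that can see the tmpfs mounted by the script.

```shell
#!/system/bin/sh
# Added example, not from the original post: post-reboot check that every
# user-installed CA was copied into the trust store the boot script builds.
# Defaults are the paths used on this page; override them to test elsewhere.
USER_CA_DIR="${USER_CA_DIR:-/data/misc/user/0/cacerts-added}"
STORE_DIR="${STORE_DIR:-/system/etc/security/cacerts}"

# verify_ca_injection USER_DIR STORE_DIR  (function name is hypothetical)
# Prints one status line per user CA; returns 0 only if all were injected.
verify_ca_injection() {
    user_dir=$1; store_dir=$2; problems=0
    for cert in "$user_dir"/*; do
        [ -f "$cert" ] || continue      # empty directory: glob stays literal
        name=${cert##*/}
        case $name in                   # CA files are named <8 hex digits>.<n>
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*) ;;
            *) echo "SKIP    $name"; continue ;;
        esac
        target=$store_dir/$name
        if [ ! -f "$target" ]; then
            echo "MISSING $name"; problems=$((problems + 1))
        elif ! cmp -s "$cert" "$target"; then
            echo "DIFFERS $name"; problems=$((problems + 1))
        elif [ "$(stat -c %a "$target")" != "644" ]; then
            echo "MODE    $name"; problems=$((problems + 1))
        else
            echo "OK      $name"
        fi
    done
    [ "$problems" -eq 0 ]
}

# On the device (root shell), check the real paths; elsewhere this is skipped.
if [ -d "$USER_CA_DIR" ]; then
    verify_ca_injection "$USER_CA_DIR" "$STORE_DIR" ||
        echo "Injection incomplete: check that the boot script ran"
fi
```

This reads the tmpfs from the shell's own mount namespace. The bind mount over `/apex/com.android.conscrypt/cacerts` exists only inside the Zygote and app namespaces that the script entered with `nsenter`.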