Since the last Update 21062021 the own ca-certificates are not trusted anymore

you can still use a user-provided root-ca, but depending on API level an app targets, the App needs to opt-in to trust user-supplied root-CAs on the device

https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html

User-added CAs

[…]. Android Nougat changes how applications interact with user- and admin-supplied CAs. By default, apps that target API level 24 will—by design—not honor such CAs unless the app explicitly opts in. […]

this is achirved with a network-security-config of the App as in https://developer.android.com/training/articles/security-config

  • Custom trust anchors: Customize which Certificate Authorities (CA) are trusted for an app’s secure connections. For example, trusting particular self-signed certificates or restricting the set of public CAs that the app trusts.

I gave this a try, it’s a bit cumbersome but Firefox has a hidden option for this, and accepted a certificate signed by my own root-ca-cert.

Firefox added it within https://github.com/mozilla-mobile/fenix/issues/3728
(enable secret menu via logo touch incantation → secret settings → enable user trust-ca)

Bromite added this in https://github.com/bromite/bromite/pull/1110
(goto chrome://flags → search for “allow”, enable “allow-user-certificates”

1 Like