How to Update HTTPS Security Certificate Authority Keystore on pre-android-4.0 Device

Editorial Note

This article appears in the Third Party Product Reviews section. Articles in this section are for the members only and must not be used by tool vendors to promote or advertise products in any way, shape or form. Please report any spam or advertising.

The Problem

I have a Samsung Galaxy S phone with Android 2.3.3 (Gingerbread). This device came out in March 2010 which is ancient in terms of mobile devices, but I am still rather fond of this phone. I began having trouble with certain websites when they changed their certifying authority early in 2013.

This included problems with well known sites such as Facebook and redbox. Many sites would get the security warning 'This certificate is not from a trusted authority'. Also, I had some problems with apps using SSL.

The Details

When looking in logcat, I see something like:

Looking at the example website using my computer's browser on I noticed the certificate was recently renewed Feb 28, 2013 which is about when I started having problems (the CN listed was from: "Cybertrust Public SureServer SV CA"). Cybertrust now has another CN in Baltimore that is authorizing the new certificate for

You'll need to have root access to your device to do any of these commands. Also note that Android 4.0 has a different mechanism for working with certificates. Getting root access of your device is beyond the scope of this


Using adb, I was able to pull the keystore and examine it to check for the certificates I was looking for.

You can examine the keystore on your computer using the Portecle software. Portecle is available from .

The Fix

To fix my problem and update my Android 2.3.3 phone certificates, I copied the one from the Android 3.2 emulator and put that on my phone. Android 4.0 devices do not use the same cacerts.bks file so they could not be used to copy from.

  1. Download the updated cacerts.bks file here .
  2. Connect your device to be updated (must be root). You may need to remount the /system folder as rw for read/write capabilities if you have failures on the push procedure.
  3. Save a copy of the old cert file from your device:
  4. Put the updated cert file on your device
  5. Reboot the device

Now your device should have access to the updated list of certificates from the new keystore. You can verify this by pulling the cacerts.bks file from the device and comparing it to the original file.

Related Work

Hope you found this guide useful, please drop a note, somewhat funny internet cat picture, or +1 if it helped.

You may also want to check out my WorxForUs Android Database and Networking framework that assists database access and network access and addresses several common pitfalls.


Category: Insurance

Similar articles: