Install certificate on AndroidTV

Question

I was needing to view the backend https requests made by my androidTV's application, but, as the calls are "https" calls I am needing to install a charles certificate (on my androidTV) to allow charles to decrypt them.

If anyone knows how to install a certificate on androidTV please tell me.

Thanks a lot!

This [SO post](http://stackoverflow.com/questions/17823434/ssl-proxy-charles-and-android-trouble) will help you with the installation of a certificate. Then, you may want to try connecting your Android TV to your machine which runs a Charles proxy as shown in this [YouTube video](https://www.youtube.com/watch?v=oAsObnaROcs). — Teyam, Feb 25 '17 at 16:33
I'm also trying. no menu item for that on TV and createInstallIntent fails even when given android.permission.MANAGE_CA_CERTIFICATES . I can't seem to find any way of doing this (manually/prog). Can someone redirect to info for why it's not possible? — HLL, Jun 15 '18 at 16:22
Now I have found the solution and just posted it as an answer — Zahid Rasheed, Mar 04 '21 at 14:10

score 4 · Answer 1 · answered Jun 01 '21 at 09:55

You can install SSL certs in the Android Emulator through ADB, given that you use an emulator image without Google Play Services. This will allow you to root your emulator and push the certificate to the cacerts directory in /system. This means you can install SSL certificates on AndroidTV even though there is no UI for this available in settings.

To install your certificate in the emulator, follow these steps:

Get an Android (TV) emulator without Play Services and give it a convenient name
Go to $ANDROID_HOME/emulator and run ./emulator @<emulatorname> -writable-system. If you run the emulator through Android Studio, you won't be able to mount the system partition as writable.
adb root
adb remount
openssl x509 -inform PEM -subject_hash_old -in <your certificate>.pem | head -n 1 , this will give you a hash you'll need in the following steps
Rename <your certificate>.pem to <hash>.0 (e.g. 711d79cc.0)
adb push <hash>.0 /system/etc/security/cacerts/<hash>.0
adb shell chmod 644 /system/etc/security/cacerts/<hash>.0

score 3 · Accepted Answer · answered Mar 04 '21 at 14:10

I wrote an article on this: https://zahidrasheed.medium.com/charles-proxy-with-androidtv-fedc863e7039

TLDR; 1- Export root certificate from charles app and put it under res/raw by:

Help > SSL Proxying > Save Charles Root Certificate… and save it as charles_ssl_cert.pem file.

2- Embed the certificate in the app through network-security-config.xml

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="@raw/charles_ssl_cert" />
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>

3- Export the root certificate again by:

Help > SSL Proxying > Export Charles Certificate and Private Key

Now share the .p12 file with users who would like to test the app. The need to:

Proxy > SSL Proxying Settings > Root Certificate > Import P12 (Enter the password you used above).

mbonnin · Answer 3 · 2017-08-07T09:27:41.957

1

You can do it programmatically. See here for more details. I haven't found an option to do it from the Android TV UI unfortunately.

EDIT: Even that fails with

android.content.ActivityNotFoundException: Unable to find explicit activity class {com.android.settings/com.android.settings.CredentialStorage}; have you declared this activity in your AndroidManifest.xml?

So I don't know how to do this...

edited Aug 07 '17 at 09:27

answered Aug 07 '17 at 09:16

mbonnin

6,893
3
39
55

Install certificate on AndroidTV

3 Answers3