How to fix broken HTTPS on android when using a openssl self signed localhost certificate?

Question

I followed this guide on how to create my own CA and end entity certificates. My certificate authority (localhost) openssl config looks very similiar to this. According to this post I've set

[ v3_ca ]
basicConstraints                = CA:TRUE

On my desktop devices there are no problems at all and https works fine.

Problems occur when I try to install the root certificate on my android device.

At first I installed the root certificate via the inbuilt 'install from storage' option (Settings / Security / Credential storage). Https works now but I always get the network may be monitored warning.

Following this article I took the certificate hash, renamed the rootca.pem file to {hashid}.0 file as suggested and moved it to /system/etc/security/cacerts/ using ADB on windows powershell (also set chmod and chown).

After rebooting my phone I can see that my authority certificate has been successfully added to android native trusted certificate storage. It's active by default.

Now I got rid of the networking monitor warning but ssl is not working anymore. Android chrome on remote debug throws: broken https certificate missing net::ERR_UNEXPECTED (firefox on android says SEC_ERROR_UNKNOWN_ISSUER)

Is there a way to get around this/install it correctly? Did I forget something?

Answer 1

For those interested I'm sharing the solution:

Here's what I did to solve this:
(1) flashing my sm-g900f with odin v3.12.4-4 and latest twrp 3.3.0-0-klte
(2) backup relevant data, wipe system/cache/... with twrp afterwards
(3) flash 16.0-nightly-klte addonsu-16.0-arm open_gapps-arm-9.0-nano-20190428
(4) install certificate via security settings options. Shown as 'user cert' but no warning message and ssl works now :)

Thanks to JW09I4 from XDA-Developers for helping me out and guiding me through the process of updating my phone.