[android-security-discuss] Updating cacert.bks. How best to replace compromised root CAs and from where?

Sat, 05 Apr 2014 08:01:22 -0700 

I was wondering if anyone can help me with this. Please, I beg you, have 
patience with me as to the topic of all things to do with updating trusted 
root certificates, I'm not that up on it.

Before I've posted this I've got to a point. I've obtained the *cacert.bks 
*from 
my phone, which is rooted and know how to make the* /system* partition RW 
and RO. I've also successfully opened the *cacert.bks* in Portecle v1.8.  
Did a few test imports from root CAs I've downloaded from the CA authority 
and imported the certificates, to be informed by Portacle that alias 
already exist. Turns out the trusted Root CAs I downloaded are already in 
there. So, the majority of the learning I've already done.

Now, I know there are some root CAs that have been revoked because they 
have been compromised, which I would with to remove or replace. Anyone who 
which these are and from where I can get valid replacements?

I've also noticed in Gingerbread 2.3.6 there are some trusted root CAs that 
expire this year. How to update those?

For example . . .

Entry Alias: 21
Creation Date: 30-Aug-2011 02:20:05 BST
Type: Trusted Certificate
Certificates: 1

    Certificate 1 of 1
    Version: 3
    Subject: CN=KISA RootCA 3, OU=Korea Certification Authority Central, 
O=KISA, C=KR
    Issuer: CN=KISA RootCA 3, OU=Korea Certification Authority Central, 
O=KISA, C=KR
    Serial Number: 0002
    Valid From: 19-Nov-2004 06:39:51
    Valid Until: 19-Nov-2014 06:39:51
    Public Key: RSA (2,048 bits)
    Signature Algorithm: SHA1withRSA
    SHA-1 Fingerprint: 
5F:4E:1F:CF:31:B7:91:3B:85:0B:54:F6:E5:FF:50:1A:2B:6F:C6:CF
    MD5 Fingerprint: 93:EB:36:13:0B:C1:54:F1:3E:75:05:E5:E0:1C:D4:37

There are a few expiring 2015.

Actually, I'm really after replacing any compromised root CAs.  Can anyone 
help me with this?

Second question, These certificate alias named which are numbers which 
don't seem to relate to the certificates. How do these aliases work or does 
not not matter what the alias is set to?

Any help would be awesome.

-- 
You received this message because you are subscribed to the Google Groups 
"Android Security Discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/android-security-discuss.
For more options, visit https://groups.google.com/d/optout.

Reply via email to