cacert.bks was removed in Android 4.0 ICS. There was a script to regenerate in older versions available in AOSP at libcore/luni/src/mail/files/certimport.sh
here is one version online but it assume its run from a AOSP tree: https://android.googlesource.com/platform/dalvik/+/c1e9861bc03550e0db27d5c299b9dcce10b35b64/libcore/security/src/main/files/certimport.sh -bri On Sun, Mar 30, 2014 at 12:56 PM, Myron <[email protected]> wrote: > I was wondering if anyone can help me with this. Please, I beg you, have > patience with me as to the topic of all things to do with updating trusted > root certificates, I'm not that up on it. > > Before I've posted this I've got to a point. I've obtained the cacert.bks > from my phone, which is rooted and know how to make the /system partition RW > and RO. I've also successfully opened the cacert.bks in Portecle v1.8. Did > a few test imports from root CAs I've downloaded from the CA authority and > imported the certificates, to be informed by Portacle that alias already > exist. Turns out the trusted Root CAs I downloaded are already in there. So, > the majority of the learning I've already done. > > Now, I know there are some root CAs that have been revoked because they have > been compromised, which I would with to remove or replace. Anyone who which > these are and from where I can get valid replacements? > > I've also noticed in Gingerbread 2.3.6 there are some trusted root CAs that > expire this year. How to update those? > > For example . . . > > Entry Alias: 21 > Creation Date: 30-Aug-2011 02:20:05 BST > Type: Trusted Certificate > Certificates: 1 > > Certificate 1 of 1 > Version: 3 > Subject: CN=KISA RootCA 3, OU=Korea Certification Authority Central, > O=KISA, C=KR > Issuer: CN=KISA RootCA 3, OU=Korea Certification Authority Central, > O=KISA, C=KR > Serial Number: 0002 > Valid From: 19-Nov-2004 06:39:51 > Valid Until: 19-Nov-2014 06:39:51 > Public Key: RSA (2,048 bits) > Signature Algorithm: SHA1withRSA > SHA-1 Fingerprint: > 5F:4E:1F:CF:31:B7:91:3B:85:0B:54:F6:E5:FF:50:1A:2B:6F:C6:CF > MD5 Fingerprint: 93:EB:36:13:0B:C1:54:F1:3E:75:05:E5:E0:1C:D4:37 > > There are a few expiring 2015. > > Actually, I'm really after replacing any compromised root CAs. Can anyone > help me with this? > > Second question, These certificate alias named which are numbers which don't > seem to relate to the certificates. How do these aliases work or does not > not matter what the alias is set to? > > Any help would be awesome. > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to > [email protected]. > Visit this group at http://groups.google.com/group/android-security-discuss. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
