Android 生成和安装SSL证书

当我成功地将我的自定义SSL证书添加到Android 6 emulator中时，我感觉自己破解了atom。我对system.img文件进行了持久更改。但浏览器根本无法识别它。 我遵循了这个很棒的方法，我认为我在散列方面做错了什么。以下是我所做的全部步骤，以及我迄今为止所取得的成就

我的系统 Windows 10，64位 预建仿真器

姓名：Nexus_64 空气污染指数：23 目标：安卓6安卓API CPU/ABI x86/64 磁盘大小为3 GB 高级仿真器设置

内存：512MB 虚拟机堆：128 MB 内部存储2 GB从右侧的下拉列表中选择 SD卡：Studio管理的2GB 系统文件

从教程中获取证书文件：890c6016.0 创建空文件夹以将系统文件存储在c:\device\u tmp 公用设施：

emulator from/android_sdk/tools/emulator.exe adb from/android_sdk/platform tools/adb.exe 我所做的 启动仿真器：

现在它启动了，我打开了命令行窗口

查找外部存储器的名称，因为SD卡没有足够的存储空间存储映像文件

adb shell df 

在我的情况下/存储/13E4-1F02/获得2GB空间

安装证书

最后的每一行大约需要5分钟。之后，我关闭所有shell窗口并从system.img文件启动设备，从而终止设备

当设备启动时，它的系统中有该证书

构建证书文件 这就是我构建证书文件的方式。我正在使用和openssl，所以我从帮助->SSL代理->导出Charles根证书：go.p12下载了Charles证书

制作阴极射线管

制作PEM

获取要用作扩展名为.0的文件名的哈希代码

复制go.crt并将其名称更改为我们刚刚获得的哈希值890C6016.0

type go.crt > 890c6016.0

*类型是用于catMac的windows命令

将所有签名信息附加到文件中

完成了

证书结果890c6016.0 以下是结果证书的内容：890c6016.0 它还包括您在跑步时将获得的信息： openssl x509-in 890c6016.0-text-noout

890c6016.0：

我的问题 当我从emulator运行默认的android浏览器时，它说当我运行我的应用程序时，它不能信任SSL和类似的问题。这表示代理正在工作，但不接受我生成的证书。我还检查了文件系统以确保。就在那里！ 那么我错过了什么呢

编辑

---

我在emulator上测试了这种方法，它是有效的！！！为什么Android模拟器不同？

因此，您拥有的证书是自签名证书，即证书的颁发者和颁发者具有相同的值。在这种情况下，客户机可能会抛出不信任证书的错误，因为它不知道颁发者。但我不知道为什么它能在Genymotion上运行

---

我建议您参考以下内容：

当您使用openssl查看最终证书890c6016.0时，您是否获得了有效的输出？例如，openssl x509-in 890c6016.0-text-noout还有，仿真器正在使用什么浏览器，以及如何在其上配置信任？@Byob I添加了证书的内容。运行您建议的命令时，会显示类似的结果。我使用默认的android emulator浏览器，带有默认设置。@Ilya_Gazman您是否使用android版本早于android 6.0的仿真器尝试过它？这是属于CA的自签名证书。将其安装为web服务器证书肯定会失败。此CA证书将用于向测试域颁发签名证书，您需要将CA证书作为受信任的根安装，以便浏览器接受它。

adb shell "rm /sdcard/"
adb push 890c6016.0 /sdcard/
adb shell "mount -o remount,rw /system"
adb shell "cp /sdcard/890c6016.0 /system/etc/security/cacerts/"
adb shell "chmod 644 /system/etc/security/cacerts/890c6016.0"
adb shell "dd if=/dev/block/vda of=/storage/13E4-1F02/system.img"
adb pull /storage/13E4-1F02/system.img c:/device_tmp

emulator -http-proxy my.ip:8888 -system c:/device_tmp/system.img

openssl pkcs12 -in go.p12 -clcerts -nokeys -out go.crt 

openssl pkcs12 -in go.p12 -out go.pem

openssl x509 -inform PEM -subject_hash_old -in go.crt

type go.crt > 890c6016.0

openssl x509 -inform PEM -text -fingerprint -in go.crt -out /dev/null >> 890c6016.0

-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgIGAVThome6MA0GCSqGSIb3DQEBCwUAMIHHMVkwVwYDVQQD
DFBDaGFybGVzIFByb3h5IEN1c3RvbSBSb290IENlcnRpZmljYXRlIChidWlsdCBv
biBERVNLVE9QLTU1U01DOTMsIDI0INee15DXmSAyMDE2KTEkMCIGA1UECwwbaHR0
cDovL2NoYXJsZXNwcm94eS5jb20vc3NsMREwDwYDVQQKDAhYSzcyIEx0ZDERMA8G
A1UEBwwIQXVja2xhbmQxETAPBgNVBAgMCEF1Y2tsYW5kMQswCQYDVQQGEwJOWjAe
Fw0wMDAxMDEwMDAwMDBaFw00NTA3MjEwNzE5NTdaMIHHMVkwVwYDVQQDDFBDaGFy
bGVzIFByb3h5IEN1c3RvbSBSb290IENlcnRpZmljYXRlIChidWlsdCBvbiBERVNL
VE9QLTU1U01DOTMsIDI0INee15DXmSAyMDE2KTEkMCIGA1UECwwbaHR0cDovL2No
YXJsZXNwcm94eS5jb20vc3NsMREwDwYDVQQKDAhYSzcyIEx0ZDERMA8GA1UEBwwI
QXVja2xhbmQxETAPBgNVBAgMCEF1Y2tsYW5kMQswCQYDVQQGEwJOWjCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBALzSQjJpi+WVtoWNjFZh/jArpBMoXNfa
Y5MMuRvnMhMmt+hGnL6v5C5gSmDBwU5YZOhudbAs30J46i2Pft1CZW94AbIwCClu
P1wBjUKZVpt/izY8HfuuiLet0Mup+mU/x8iWwqs4MhJ/DJ4srzho6wKSB/jhZqdt
HbHHdu7+I7XVkk/lP3nMikmhkxQAd6o+zr/dudHTqBaW60PhvsO4tbWec4rSZot7
QXwwaUVAcUD0dNDoLeK6iaiQ5jpZDSL+/0VTRXH639MMLzZYl+sr0qm7y5Bt+RfX
eYV3lI8/H9O9dfdkseY0nbF8GL54dA+BzWZokzUvb9Stb8eMERzCWW0CAwEAAaOC
AXQwggFwMA8GA1UdEwEB/wQFMAMBAf8wggEsBglghkgBhvhCAQ0EggEdE4IBGVRo
aXMgUm9vdCBjZXJ0aWZpY2F0ZSB3YXMgZ2VuZXJhdGVkIGJ5IENoYXJsZXMgUHJv
eHkgZm9yIFNTTCBQcm94eWluZy4gSWYgdGhpcyBjZXJ0aWZpY2F0ZSBpcyBwYXJ0
IG9mIGEgY2VydGlmaWNhdGUgY2hhaW4sIHRoaXMgbWVhbnMgdGhhdCB5b3UncmUg
YnJvd3NpbmcgdGhyb3VnaCBDaGFybGVzIFByb3h5IHdpdGggU1NMIFByb3h5aW5n
IGVuYWJsZWQgZm9yIHRoaXMgd2Vic2l0ZS4gUGxlYXNlIHNlZSBodHRwOi8vY2hh
cmxlc3Byb3h5LmNvbS9zc2wgZm9yIG1vcmUgaW5mb3JtYXRpb24uMA4GA1UdDwEB
/wQEAwICBDAdBgNVHQ4EFgQU0rNPibkiS4JXRyiYSiPfAICMUg8wDQYJKoZIhvcN
AQELBQADggEBAEPUi8eDyNGYl/e20t8ScPeMM3U35FSYv7qnG2Gac2bLhkh6C14e
ucy011Tanj9x1kc3MXATZ8P9fLzCWQotjNlDUjfSXCoQZs2wAtq+V58S0IUyWnnv
4/sJLOI6qCVDoLsE8B6m1Yznb77V+4bq1A31G14nHDks73MWPPY5fKE6QhXFjRoI
Tzex9wjkQoHr8yywwEmTEmmoUvXqT8RRy2cy96I0msp0TUWCFHb2+0eYix7C7Ubw
mHLjOA41MZ9BNlZJBEPS7G35rLMSPFWsj0pa3tZtouk7SxbiIbO/6kk6o/pZdkHf
N2RX07Snk+cQepwiBIpI8YFs9hvxf4V+yLc=
-----END CERTIFICATE-----
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:54:e1:a2:67:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=Charles Proxy Custom Root Certificate (built on DESKTOP-55SMC93, 24 \xD7\x9E\xD7\x90\xD7\x99 2016), OU=http://charlesproxy.com/ssl, O=XK72 Ltd, L=Auckland, ST=Auckland, C=NZ
        Validity
            Not Before: Jan  1 00:00:00 2000 GMT
            Not After : Jul 21 07:19:57 2045 GMT
        Subject: CN=Charles Proxy Custom Root Certificate (built on DESKTOP-55SMC93, 24 \xD7\x9E\xD7\x90\xD7\x99 2016), OU=http://charlesproxy.com/ssl, O=XK72 Ltd, L=Auckland, ST=Auckland, C=NZ
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:bc:d2:42:32:69:8b:e5:95:b6:85:8d:8c:56:61:
                    fe:30:2b:a4:13:28:5c:d7:da:63:93:0c:b9:1b:e7:
                    32:13:26:b7:e8:46:9c:be:af:e4:2e:60:4a:60:c1:
                    c1:4e:58:64:e8:6e:75:b0:2c:df:42:78:ea:2d:8f:
                    7e:dd:42:65:6f:78:01:b2:30:08:29:6e:3f:5c:01:
                    8d:42:99:56:9b:7f:8b:36:3c:1d:fb:ae:88:b7:ad:
                    d0:cb:a9:fa:65:3f:c7:c8:96:c2:ab:38:32:12:7f:
                    0c:9e:2c:af:38:68:eb:02:92:07:f8:e1:66:a7:6d:
                    1d:b1:c7:76:ee:fe:23:b5:d5:92:4f:e5:3f:79:cc:
                    8a:49:a1:93:14:00:77:aa:3e:ce:bf:dd:b9:d1:d3:
                    a8:16:96:eb:43:e1:be:c3:b8:b5:b5:9e:73:8a:d2:
                    66:8b:7b:41:7c:30:69:45:40:71:40:f4:74:d0:e8:
                    2d:e2:ba:89:a8:90:e6:3a:59:0d:22:fe:ff:45:53:
                    45:71:fa:df:d3:0c:2f:36:58:97:eb:2b:d2:a9:bb:
                    cb:90:6d:f9:17:d7:79:85:77:94:8f:3f:1f:d3:bd:
                    75:f7:64:b1:e6:34:9d:b1:7c:18:be:78:74:0f:81:
                    cd:66:68:93:35:2f:6f:d4:ad:6f:c7:8c:11:1c:c2:
                    59:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            Netscape Comment: 
                ....This Root certificate was generated by Charles Proxy for SSL Proxying. If this certificate is part of a certificate chain, this means that you're browsing through Charles Proxy with SSL Proxying enabled for this website. Please see http://charlesproxy.com/ssl for more information.
            X509v3 Key Usage: critical
                Certificate Sign
            X509v3 Subject Key Identifier: 
                D2:B3:4F:89:B9:22:4B:82:57:47:28:98:4A:23:DF:00:80:8C:52:0F
    Signature Algorithm: sha256WithRSAEncryption
         43:d4:8b:c7:83:c8:d1:98:97:f7:b6:d2:df:12:70:f7:8c:33:
         75:37:e4:54:98:bf:ba:a7:1b:61:9a:73:66:cb:86:48:7a:0b:
         5e:1e:b9:cc:b4:d7:54:da:9e:3f:71:d6:47:37:31:70:13:67:
         c3:fd:7c:bc:c2:59:0a:2d:8c:d9:43:52:37:d2:5c:2a:10:66:
         cd:b0:02:da:be:57:9f:12:d0:85:32:5a:79:ef:e3:fb:09:2c:
         e2:3a:a8:25:43:a0:bb:04:f0:1e:a6:d5:8c:e7:6f:be:d5:fb:
         86:ea:d4:0d:f5:1b:5e:27:1c:39:2c:ef:73:16:3c:f6:39:7c:
         a1:3a:42:15:c5:8d:1a:08:4f:37:b1:f7:08:e4:42:81:eb:f3:
         2c:b0:c0:49:93:12:69:a8:52:f5:ea:4f:c4:51:cb:67:32:f7:
         a2:34:9a:ca:74:4d:45:82:14:76:f6:fb:47:98:8b:1e:c2:ed:
         46:f0:98:72:e3:38:0e:35:31:9f:41:36:56:49:04:43:d2:ec:
         6d:f9:ac:b3:12:3c:55:ac:8f:4a:5a:de:d6:6d:a2:e9:3b:4b:
         16:e2:21:b3:bf:ea:49:3a:a3:fa:59:76:41:df:37:64:57:d3:
         b4:a7:93:e7:10:7a:9c:22:04:8a:48:f1:81:6c:f6:1b:f1:7f:
         85:7e:c8:b7