Recently I’ve encountered a website that is using the certificate “Verisign Class 3 Secure Server CA – G3”. Unfortunately, my Android device (Samsung Infuse running Froyo 2.2.1) doesn’t know about that certificate, so I get a warning.
Installing a certificate on this device is not hard, but there are one or two tricks.
First, download the certificate. For me it was a Verisign certificate. I did a search on the certificate title and determined it corresponded to the Verisign cert SVRSecureG3.cer, so I went to crl.verisign.com and grabbed it. (Note that .cer is the certificate and .crl is the certificate revocation list.)
Once you have the .cer, it’s unfortunately in binary mode. Use openssl (which is included as part of Cygwin for Windows users) to convert it to a .crt:
$ openssl x509 -in SVRSecureG3.cer -inform DER -out SVRSecureG3.crt -outform PEM
Install that .crt on the root of the removable SD card. For Samsung devices, this means it will have to be in /mnt/sdcard/external_sd/.
Go to the Settings app, and select “Location and security”, then “Install encrypted certificates”. You will be prompted with a dialog for the Certificate name; I just took the default. Click “OK”.
You’ll be prompted to enter a password for credential storage. Do not forget this password.
At this point, the credential has been imported. Next time you visit the website, you should not get a bad certificate.