Adding custom root certificates to Android

While trying to setup a NetScaler VPX to allow my Droid X to connect to my Citrix lab environment I ran into a certificate issue.  I am using an in-house CA and apparently Google has not developed any easy means (that I could find) to import a third-party root CA.  To me this is vital to a business scenario.  Fortunately a guide Citrix has written has one method to add the certificate.

Unfortunately the process requires root access on the device.  Not everybody may have this, and businesses cannot really require their end users to do it.  While using this guide I would keep the following in mind.

  1. If you need to use adb shell and su to root, make sure the phone is unlocked so you can see it prompt you to approve the permissions.
  2. Make a back up of cacerts.bks on the device!  This makes for an easy restore using adb shell.
  3. adb push may fail unless the phone is in recovery for step 5.  Make sure if  you are in recovery you first “mount /system” from adb shell.

View the Citrix Support article CTX125431.  I also found a lot of information on adding p12/pfx certs, but had issues finding clear information on exporting one from my Windows 2003 Enterprise CA.

Update:  Citrix has since removed the article.  Go here for instructions now.  Remember, proceed at your own risk.

About Adam Oliver

Adam Oliver has been working in the IT field for over 10 years and is a Sales Engineer for Citrix Systems, Inc. Follow Adam on twitter at Find out more about Citrix at
This entry was posted in Android, XenApp and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *