With the number of servers I have internally, I have setup my own Certificate Authority and sign all my internal SSL certificates against this private CA.
This offers the useful advantage of being able to import the one CA certificate into all my devices and then being able to validate all connections to remote systems – if you run more than one or two personal servers, I’d highly recommend this approach – certificate signing takes a little bit of getting used to, but it’s a good skill to have.
As I want to access a number of systems via my Android mobile, I needed to import this CA file – the following instructions were followed with ICS release 4.0.3, however it may apply to earlier/later releases as well.
If you’ve followed most typical instructions for building your CA, you will have an PEM encoded CA certificate file in ASCII format. This is fine for import into most browsers and desktop OSes, however Android is particularly fussy with it’s input and requires a binary format only.
You can convert the CA PEM format file with the following command:
openssl x509 -inform PEM -outform DER -in CA.pem -out CA.crt
Then transfer the generated CA.crt file to the sdcard – easiest is via adb:
adb push CA.crt /sdcard/
Once done, you will be able to tell Android to install the CA file via Settings -> Security -> Credential Storage and selecting “Install from storage” and following prompts.
To verify functionality, easiest test is to access an https website signed with your CA certificate via the browser.