Saturday, March 10, 2012

List of SSL/TLS root certificates

Before purchasing an SSL/TLS certificate for a web server, it is worth checking whether the mobile device will accept the certificate, that is, whether its issuer is among the root certificates the device trusts.

Procedure

1. Download http://bouncycastle.org/download/bcprov-jdk16-141.jar and place it in $JAVA_HOME/jre/lib/ext/

2. Get the certificates file from the device:

adb pull /system/etc/security/cacerts.bks cacerts.bks 

3. List certificates with keytool.

keytool -list -v -storetype BKS \
      -provider org.bouncycastle.jce.provider.BouncyCastleProvider \
      -keystore ~/Downloads/cacerts.bks.SE_X10 \
       | grep ^Issuer | sort | cut -b 9-

Enter keystore password:

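When prompted for the password, press Enter and ignore the warning (keytool reports that the integrity of the keystore has not been verified because no password was given). The result is a sorted list of the issuer names of the TLS/SSL root certificates in the store, which can then be inspected. Example findings: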

  • Sony Ericsson X10 mini pro: RapidSSL not present.
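
As an added example (not part of the original post), the following shell helpers check candidate CA names against the issuer list produced in step 3. The function names and the sample listing are assumptions constructed for illustration; the sample CAs are made up.

```shell
#!/usr/bin/env bash
# Constructed sample of `keytool -list -v` output; the CA names are made up.
sample_listing() {
cat <<'EOF'
Alias name: 0
Entry type: trustedCertEntry

Owner: CN=Example Root CA, O=Example Trust Ltd, C=US
Issuer: CN=Example Root CA, O=Example Trust Ltd, C=US
Serial number: 1a2b
Valid from: Sat Jan 01 00:00:00 UTC 2000 until: Tue Jan 01 00:00:00 UTC 2030

Alias name: 1
Entry type: trustedCertEntry

Owner: CN=Sample Global CA, O=Sample Corp, C=DE
Issuer: CN=Sample Global CA, O=Sample Corp, C=DE
Serial number: 3c4d
Valid from: Sat Jan 01 00:00:00 UTC 2005 until: Mon Jan 01 00:00:00 UTC 2035
EOF
}

# Issuer DNs from a listing on stdin, sorted, without the "Issuer: " prefix
# (same result as the grep | sort | cut pipeline in step 3, minus duplicates).
issuers() { sed -n 's/^Issuer: //p' | sort -u; }

# ca_trusted NAME: succeed if NAME occurs in any issuer DN on stdin.
# The match is literal (-F) and case-insensitive (-i).
ca_trusted() { issuers | grep -qiF -- "$1"; }

# report NAME...: print present/MISSING per candidate CA for the listing on
# stdin; the exit status is the number of candidates that are missing.
report() {
  report_listing=$(cat)
  report_missing=0
  for report_name in "$@"; do
    if printf '%s\n' "$report_listing" | ca_trusted "$report_name"; then
      echo "present: $report_name"
    else
      echo "MISSING: $report_name"
      report_missing=$((report_missing + 1))
    fi
  done
  return "$report_missing"
}

# Demo on the constructed sample. In real use, pipe the keytool output from
# step 3 (without the grep | sort | cut part) into report instead.
sample_listing | report "Example Root CA" "RapidSSL" || true
```

A non-zero exit status from `report` means at least one candidate CA is absent from that device's store, so the same check can be repeated over the listings of several devices.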
