Comparison between replace the certificate

# Comparison between replace the certificate ## Info of the device * Sony Xperia S (LT26i) * Android 4.0.4 (6.1.A.2.55) ## Before replace the certificate ### Internal browser 1. Wikipedia ![Screenshot_2026-02-26-12-31-29](https://hackmd.io/_uploads/SkUA1IT_Zx.png) 2. Site hosted by mine ![Screenshot_2026-02-26-12-40-34](https://hackmd.io/_uploads/H1KzgUTdZx.png) ### Chrome 1. Wikipedia ![Screenshot_2026-02-26-12-28-03](https://hackmd.io/_uploads/HJX8eUTd-l.png) 2. GitHub ![Screenshot_2026-02-26-12-26-56](https://hackmd.io/_uploads/HkC8l86_Wl.png) ## After replace the certificate ### Internal browser Seems like the browser haven't supports the TLS algorithm by the sites 1. Wikipedia ![Screenshot_2026-02-26-12-40-18](https://hackmd.io/_uploads/HJ3OeU6_We.png) 2. Site hosted by mine ![Screenshot_2026-02-26-12-40-34](https://hackmd.io/_uploads/B14tgUa_-x.png) ### Chrome 1. Wikipedia ![Screenshot_2026-02-26-12-39-58](https://hackmd.io/_uploads/H1LybUTOZl.png) 2. GitHub ![Screenshot_2026-02-26-12-39-38](https://hackmd.io/_uploads/HJEg-LpdWx.png) ## The commands use to replace the certificate (adb way) 1. Push the uncompressed certificate files (After uncompress the tar.gz by 7-zip) ``` adb.exe push "C:\Users\username\Downloads\ca-certificates-refs_heads_main.tar\ca-certificates-refs_heads_main" /data/tmp ``` 2. Start the adb shell ``` adb.exe shell ``` 3. Grant the root permission, remount system (If needed) ``` $ su # mount -o remount,rw /system ``` 4. Delete all old certificates ``` # rm -rf /system/etc/security/cacerts/* ``` 5. Move new certificates to that folder ``` # mv /data/tmp/*.0 /system/etc/security/cacerts/ ``` 6. Grant right permission ``` # cd /system/etc/security # chmod -R 0644 cacerts/ # chmod 0755 cacerts ``` 7. Check it ![image](https://hackmd.io/_uploads/BJ8aXIadZe.png) ![image](https://hackmd.io/_uploads/BkebN8pdWg.png) 8. Reboot device ``` # Reboot ```