ICS: User-Installed CA Certificates Not Working

[gxyz]

I am struggling with Android 4.0, trying to connect with websites over an TLS connection. With the pre-installed root certificates everything works as expected, but with certificates that depend on a user-installed CA certificate there seems to be some fundamental problem. I tried it with the default Browser, Chrome and Firefox on a Motorola xoom (Android 4.0.4):

- with "Browser", I can install the CA certificates (they show up in settings/... afterwards), but every attempt to connect with a server that uses a certificate that is signed by the installed RootCA causes a crash
- Firefox crashes when downloading/installing the root certificate; connecting to a web server works, but of course without the root certificate the authenticity can't be verified
- Google Chrome produces a mixture of both - it will download & install the root certificate, but when connecting to the server it considers the server certificate as untrusted. When requesting detailled information about the certificate, it will show just the heading (something like "certificate viewer"), but no certificate

There seems to be a general problem with android 4.0 - I tried the same thing with AndroidX86 in a VM (only with the pre-installed Brwoser because the App store won't allow the device) with pretty much the same results.

Does anybody have any idea, what's going on? Searching google I couldn't find anything about this issue. I see the problem with 2 different root certificates, that are both issued with openssl, but otherwise have little in common. Fascinatingly, accessing WLANs using similar certificates works as expected ...

 

[chanchan05]

What phone do you have?

 

[gxyz]

What phone do you have?

... as I said, I tested a Motorola xoom tablet (Android 4.0.4, afaik straight from google) and a VM with AndoridX86 4.0.3, so it is nothing device-specific.
What's also worth mentioning - the certificates in question are pretty unsuspicious (known to work on Window, Linux & iOS with various browsers)

 

[popalot]

I'm having a similar problem.

I have a Nexus 4 with Jellybean 4.2.1 - no root. I exported a websites' security certificate from my PC then moved the .cer (X509 DER) file to the root folder on my "SD" card. I went into settings/security/install from storage. I get a pop-up identifying the certificate available to install. I click install and it says "install complete". Then I go into "Trusted Credentials" and the new certificate isn't there in the "System" or "User" installed certificates.

I tried an application called "Android Certificate Installer" from the Play Store and it didn't help.

While I can still browse the website, I can't download files from it. I tried the process after uninstalling my launcher (Nova) and security apps (AVG and Lookout) and it didn't help.

I did this process with my Motorola Droid X with Gingerbread (2.3.6) several months ago and it worked without incident.

Any ideas for a fix?