This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Samsung Galaxy not accepting Web Filtering Certificate from User Portal

So I reset my andriod phone and am getting it going again.

Trying to use it behind the UTM, I'm getting certificate errors (of course).

Installing them is problematic.  I'm wondering if something has changed.

I've logged into the user portal and downloaded the .CRT file.

My Samsung Galaxy S22 Ultra doesn't recognize the  file.  The error I get is "No Certificate to Install"

Do I need to convert this file to something else?
The current file is in the form xyz.crt and is 4.37KB.



This thread was automatically locked due to age.
  • Should work. I installed the CA-certificate at a new Samsung phone 3 weeks ago.

    But don't remember ... possible i have to change the file extension ...? Would try .cer or .der


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • I had trouble with installing a certificate on my Samsung Galaxy S9.  I found that if I plugged it into a computer via USB and enabled debugging after visiting the site with the certificate.  I then opened Chrome on the computer, and using the Dev Tools in Chrome, I was able to install the certificate.  I kind of followed this:  Make SSL certificate trusted by Chrome for Android - Android Enthusiasts Stack Exchange

  • The reaon why it won't work is due to sites using HSTS. https://sectigostore.com/blog/how-to-disable-hsts-in-chrome-firefox/

    And it still might not work:

  • When I tried downloading the certificate directly from the Web admin  on my Android device, it automatically tried to install the certificate. When you download the certificates to your PC and transfer them to your Android device manually using a USB cable, then you can install the certificate twice. Once for "WiFi", and a second time for "VPN and Apps"

    The problem is the certs show up in user certs but I don't think they are appearing in the official trusted android certificate store. You need to add google's sites to the Webfiltering exceptions to bypass SSL scanning for these sties, otherwise when you enable wifi, it will not connect.

    Disable SSL scanning going to these networks:

    ^https?://([A-Za-z0-9.-]*\.)?googleapis\.com/
    ^https?://([A-Za-z0-9.-]*\.)?google\.com/
    ^https?://play\.googlezip\.net/
    ^https?://([A-Za-z0-9.-]*\.)?gvt1\.com/[A-Za-z0-9.-]*
    ^https?://app-measurement\.com/
    ^https?://([A-Za-z0-9.-]+\.)*google\.com/