Cert-Fixer is a Magisk module that installs custom CA certificates to Android's system certificate store. This module is tested/known to work on Android 10, 12, 13, 14, and 15 (API 33, 34, and 35).
Tested on AVD Emulators: Pixel 9 API 35 (Android 15), Pixel 8 API 35 (Android 15), Pixel 8 API 34 (Android 14)
Physical devices: Samsung S9 (Android 10), Samsung S10 (Android 12), Readme (Android 13), Pixel 8 (Android 14), Xiaomi Poco X3 (Linageos 21)
Note: Some of the above physical devices were tested and confirmed by community users.
- Root your Android device using rootAVD (rootAVD uses Magisk).
- Complete any pending updates for Magisk, and make sure you have the latest Magisk version.
- Download
Cert-Fixer.zipand install Cert-Fixer module in Magisk. - Install your custom CA certificate under user certificate store.
- Reboot.
Cert-Fixer copies all user certificates to the system store during boot-up. - Your user certificates should now be available in the system store!
- Cert-Fixer copies all the CA certificates from the user store to the system store. Make sure you do not have any untrusted certificates in the user store before reboot.
- If there are multiple versions of the same certificate (same hash, but different extensions), only the latest certificate will be copied.
- You can install multiple certificates simultaneously.
Since Android 14 (API 34), it has become too hard to add custom certificates to the system store. This is because the system certificates are now stored in APEX (Android Pony EXpress) containers which are immutable. Now, /apex/com.android.conscrypt/cacerts is the file location for the system CA certificates.
Tim Perry has discussed the changes and motivation behind them in his blog post. AdguardTeam has done a nice implementation of this in their adguardcert Magisk module. Adguardcert module copies their CA certificate at boot time, right after /data is decrypted and mounted (Refer to Android initialization stages). Cert-Fixer is an adoption of the Adguardcert implementation. All credit to Tim and Adguard for finding the technique.