Custom Certificates
May 18, 2026 · View on GitHub
This module is based on AdGuard Certificate and custom-certificate-authorities. It is not compatible with those modules, so remove them before using this one.
To hide tmpfs traces that may be detected by some root detection apps, this module now supports meta-hybrid_mount. Install it first.
Warning All user certificates will be copied to the system store after reboot. Trust them at your own risk.
If you are using an older version of meta-hybrid_mount, you need to manually add apex to its partitions list, otherwise this module may not work properly.
Simple Usage
- Trust the certificate(s) you want to use.
- Reboot.
Advanced Usage
Use this only if the system notification bothers you.
- Trust the certificate(s) you want to use.
- Using a root file explorer, move the trusted
subject_hash_old.Ncertificate file(s) from/data/misc/user/0/cacerts-addedto/data/misc/user/0/cacerts-custom. - Reboot.
WebUI
In KernelSU Manager, this module includes a built-in WebUI that can:
- List certificates from
/data/misc/user/0/cacerts-customand/data/misc/user/0/cacerts-added. - Show parsed certificate details.
- Move certificates between these directories.
- Import PEM/DER certificates, convert them, and save them to the target certificate storage location.
- Permanently delete certificates.
Warning Directory changes are written immediately, but system trust changes still require a reboot to fully apply.
This lets you manage certificates without digging through the deeply hidden system settings menus.
Acknowledgements
Thanks to @peculiar/x509 and @abraham/reflection. They make it possible to parse and format certificate data in this environment, where the OpenSSL CLI is not available.