How To Install Charles SSL Certificate On Samsung

The Short Answer
The key is to rename the Charles certificate so it has a .pem extension; for some reason a .crt extension is added to the file when it is downloaded from the Charles proxy on a Samsung device. Once you've renamed the file, install it as a CA cert.

Longer Answer
Configuring Charles SSL proxying on Android is a bit tricky. The basic idea is that you:
  • Run Charles and enable SSL proxying
  • Configure Charles to proxy SSL traffic for specific hosts (or *:443 for all HTTPS traffic)
  • Configure your Android device to point to your Charles proxy (I do this from the command-line using the global http_proxy settings)
  • Install the Charles CA Root certificate as a user certificate on your device
    • See Help -> SSL Proxying -> Install Charles Root Certificate on a Mobile Device or Remote Browser
  • Configure your Android app to accept user certificates
    • Update the application element of your AndroidManifest.xml file to include a networkSecurityConfig attribute that points to your network-security-config XML resource... typically something like android:networkSecurityConfig="@xml/network_security_config"
    • Presuming you only want this special trust for user certificates in your debug builds, you'll want to add a debug-overrides element within your network-security-config element, with a user-certificate trust anchor, like the XML below

XML resource to tell Android it's okay to trust a user certificate when handling your app's HTTPS traffic
<certificates src="user" />
For me, this is all relatively familiar territory — this process is well documented. But for some reason I couldn't get it to work on a Samsung device. Then my co-worker and friend Nate ran into the same problem, and pinged me to see if I could help. We worked through it together, and ultimately discovered that the key was to remove the ".crt" extension from the downloaded certificate file on the Android device, and then install it.

How to Rename the Downloaded File
I used adb shell and then cd to change to the /sdcard/Downloads directory. Once the shell is in the correct directory, you can use ls to see the downloaded certificate file and mv to rename it.

Another approach is to use the Samsung "My Files" app that's probably on your phone. Launch the app, choose "Downlaods", long-press the file the select it, then choose "Rename" from the three-dots overflow menu at the bottom.

comments powered by Disqus