Locate ZT Root Certificate

Copy the root.cer file, located in the ZebraTester’s RunTime Data folder (macOS) or the ZebraTester main folder (Windows).

macOS

Windows 10

Create a New Folder

• Paste the root.cer file into this folder for further processing

• In this example (macOS) the new folder was called 'rootcertfolder'

Convert root.cer to PEM Format

• CD (Change Directory) to your new folder

• Rename the file by entering a new name

openssl x509 -in root.cer -out [rootcertnewname.pem]

Example: openssl x509 -in root.cer -out rootcertzt55z.pem

In your new folder you will see the new PEM formatted file after running the command.

Extract original hash

We need to get the hash value from the original root certificate. Execute the following command that extracts this value to a new line.

openssl x509 -inform PEM -subject_hash_old -in rootcertnewname.pem | head -1

==> hashvalue

Example: openssl x509 -inform PEM -subject_hash_old -in rootcertzt55z.pem | head -1

==>9e8079bd

Temporarily rename the PEM file

Send the output of the PEM to the named file [hash value+extension of Zero '0'] with this concatinating command

cat rootcertnewname.pem > [hashvalue.0]

Example: cat rootcertzt55z.pem > 9e8079bd.0

Append the output of Information of the PEM file to contents of the just-named file above

openssl x509 -inform PEM -text -in rootcertnewname.pem -out /dev/null » hashvalue.0

Example:

openssl x509 -inform PEM -text -in rootcertzt55z.pem -out /dev/null » 9e8079bd.0

You should see the original hashvalue.0 file increase in size when you add the output of the PEM file.

Memu Player Steps (Memu is a Windows Application ONLY)

Do the following steps in Memu in Windows 10

Enable Root Mode

• Toggle the Root mode to ON

• Finish by restarting the Memu Play to enable the Root Mode

Set Developer Mode

After restarting, you need to use Android’s Developer Mode to be able to use the Root Certificate that you created earlier.

From Android (Tablet or Phone) Settings, scroll to the About Tablet/Phone and click in. Then scroll to the very bottom to Build Number and click that section 7 or 8 times until you see that you are now a developer.

Enable USB Debugging

Under Settings, now that you are a developer, there will be a {} Developer Options that will include a USB debugging Mode

• Turn On the USB debugging mode and confirm that you want to allow this mode

• This will then allow the next step, with the Android Debug Bridge, to import the root certificate to the Android system.

Import the Certificate File to the Android System

• Create a new folder C:\adb off of your C: Drive

• Copy the hashvalue.0 file (the example file 9e8079bd.0) to the C:\adb subdirectory and Change directory to C:\adb.

Connect ADB Server to the Memu Player

To start the server running at port 21503, enter:

C:\adb>adb connect localhost:21503

Proper response:

connected to localhost:21503

Push the new certificate into the Android System via ADB

Enter

C:\adb>adb push hashvalue.0 /system/etc/security/cacerts

Example

C:\adb>adb push 9e8079bd.0 /system/etc/security/cacerts

If you get the message:

failed to copy ‘9e8079bd.0’ to ,/system/etc/security/cacerts/9e8079bd.0’: couldn't create file: Read-only file system

this is because ADB is not running as root so do an ADP REMOUNT:

C:\adb>adb remount

And you should get
remount succeeded

And then re-enter that command

C:\adb>adb push 9e8079bd.0 /system/etc/security/cacerts

If this is run correctly, you will see how fast the push went:
Example: 1195 KB/S (5074 bytes in 0.025s)

Change Read Permissions of the new Root Certificate File for the Android system

Using the shell feature of ADB, change to the cacerts subdirectory to change the Root Certificate file permissions to read.

• Without this step the Android system won’t be able to ‘see’ the new Root Certificate File.

Change directory /etc/security/cacerts

Example

G011A:/etc/securitv/cacerts # chmod 644 ./9e8079bd.0

Verify Trusted Credentials in the Android System In the Memu Player

Follow Android Settings → Security → Trusted Credentials. Scroll down to find the Apica Certificate.