I had recently swapped from a Motorola Droid1 to a Motorola Droid2, and was hit with an issue that was a bit perplexing.

It seems that accessing services (Citrix) and sites which use an SSL certificate issued by GeoTrust resulted in a notification that the RootCA is not trusted. These same sites and services worked fine on my Droid1, so something must be different with the default certificates that were shipped with the devices.

The certificates that are currently installed on the phone are found in the /system/etc/security/cacerts.bks file.

I had copied the cacerts.bks file to my PC, and investigated what certs from GeoTrust/Equifax were contained in there. It seems that the RootCA cert was not the correct one, so I downloaded the latest one from the GeoTrust site and added it to my cacerts.bks file. If you do not know how to add certificates to your Android phone, please follow the directions below.

You will need to be on a Rooted phone to update the file on your system.

  1. Download the cacerts_wGeoTrustRoot.zip file which has the latest GeoTrust cert in it.
  2. Extract cacerts.bks from the Zip file in step 1.
  3. Simply use your Root file manager of choice (Astro, SUFBS, Root Explorer, etc.) and back up or rename your /system/etc/security/cacerts.bks file. (Remember to set your system to RW.)
  4. Copy the cacerts.bks file from step 1 into the /system/etc/security directory on your phone.
  5. Reboot the phone, and those sites and services should now be trusted and work.
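
Replacing the system trust store with a prebuilt file means trusting every CA inside that file. The following is an added example, not part of the original post: run on the PC, it compares `keytool` listings of the original and the replacement cacerts.bks and accepts the swap only if the single change is the expected root. The Bouncy Castle jar path, the store password and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions: JDK keytool on the
# PC, a Bouncy Castle provider jar at $BCPROV, store password in $STOREPASS.
BCPROV="${BCPROV:-bcprov.jar}"
STOREPASS="${STOREPASS:-changeit}"

# list_store FILE: print the keytool listing of a BKS trust store.
list_store() {
  keytool -list -keystore "$1" -storetype BKS -storepass "$STOREPASS" \
    -provider org.bouncycastle.jce.provider.BouncyCastleProvider \
    -providerpath "$BCPROV"
}

# fingerprints: reduce a keytool listing on stdin to sorted unique fingerprints.
# Both listings must come from the same keytool so the digest type matches.
fingerprints() {
  sed -n 's/^Certificate fingerprint ([^)]*): *//p' | tr 'a-f' 'A-F' |
    LC_ALL=C sort -u
}

# store_diff OLD_LISTING NEW_LISTING: print "+FP" for each certificate only in
# the new store and "-FP" for each certificate missing from it.
store_diff() {
  _old=$(mktemp) && _new=$(mktemp) || return 2
  fingerprints <"$1" >"$_old"
  fingerprints <"$2" >"$_new"
  LC_ALL=C comm -13 "$_old" "$_new" | sed 's/^/+/'
  LC_ALL=C comm -23 "$_old" "$_new" | sed 's/^/-/'
  rm -f "$_old" "$_new"
}

# review_swap OLD_LISTING NEW_LISTING EXPECTED_FP: succeed only when the single
# difference is the addition of EXPECTED_FP (taken from the CA's own site).
review_swap() {
  _want=$(printf '%s' "$3" | tr 'a-f' 'A-F')
  _diff=$(store_diff "$1" "$2") || return 2
  if [ "$_diff" = "+$_want" ]; then
    echo "OK: only $_want was added"
  else
    echo "REJECT: unexpected trust store changes:" >&2
    printf '%s\n' "$_diff" >&2
    return 1
  fi
}

# Typical use on the PC, before copying anything to the phone:
#   list_store cacerts.orig.bks >orig.txt
#   list_store cacerts.bks >new.txt
#   review_swap orig.txt new.txt "<fingerprint published by the CA>"
```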

This same update might work on the DroidX as well, but I cannot confirm.  I used the instructions posted here for others who might want to update their own cacerts.bks files.

I had tried tools like the droidCert tool with no success, but this could be because I was adding a RootCA cert. I see there is a current feature request for better certificate management filed on the Google Code site, so hopefully this will not be as painful in the future.

Android really does need better certificate management if it hopes to be adopted by enterprises who have their own private RootCAs.

Update: I was informed that GeoTrust RootCA was added in Android 2.3 as per this link. So this should only be affecting lower revision OS's.