Installing root certificates on Android devices

A root certificate is a public key certificate issued by a trusted certificate authority (CA). Root certificates are used to verify custom certificates and guarantee their identity.

Kaspersky Security Center lets you add root certificates to be installed on Android devices to a trusted certificate store.

These certificates are installed on user devices as follows:

• On devices operating in device owner mode, the certificates are installed automatically.

  If you delete a root certificate in policy settings, it will also be automatically deleted on the device during the next synchronization with the Administration Server.

• On personal devices (not operating in device owner mode):
  • If a work profile was not created, the device user is prompted to install each certificate manually in a personal profile by following the instructions in the notification.
  • If a work profile was created, the certificates are installed automatically to this profile. If the Duplicate installation of root certificates in personal profile check box is selected in work profile settings, the certificates can also be installed in a personal profile. The device user is prompted to do this manually by following the instructions in the notification.

    If you delete a root certificate in policy settings, it will also be automatically deleted on the device during the next synchronization with the Administration Server.

    For instructions on how to install certificates in personal profiles, please refer to Installing root certificates on the device.

To add a root certificate in Kaspersky Security Center:

1. In the console tree, in the Managed devices folder, select the administration group to which the Android devices belong.
2. In the workspace of the group, select the Policies tab.
3. Open the policy properties window by double-clicking any column.

   Complete the following steps within 15 minutes. Otherwise, you may face an error when saving changes to the policy.

4. In the policy Properties window, select the Root certificates section.
5. In the Root certificates section, click Add.

   The file explorer opens.

6. Select a certificate file (.cer, .pem, or .key) and click Open.

   The Certificate window opens.

7. View the certificate information and click Install Certificate.

   This starts the standard Certificate Import Wizard.

8. Follow the wizard's instructions.

   After the wizard is finished, the root certificate appears in the list of certificates.

9. Click the Apply button to save the changes you have made.

Mobile device settings are configured after the next device synchronization with the Kaspersky Security Center.

Page top