DeviceCertTest provides the ability to test X.509 certificate based HTTPS/TLS client authentication. It also provides basic key pair and certificate management.

For Android 7.0+ devices.

DeviceCertTest provides the following operations:
• Test an HTTPS or TLS connection.
• Generate a key pair and self-signed certificate (RSA/EC).
• Generate a PKCS #10 certificate signing request (CSR) in a PEM format.
• Import a certificate for a key pair in a PEM format.
• Import a key pair in PKCS #12 or PEM format.
• Export a key pair in PKCS #12 format.
• Export a certificate in PEM format.
• View a key pair.
• View a certificate.
• View a PKCS #10 certificate signing request (CSR).
• Delete a key pair.
• Install a key pair in the Android KeyChain.

A log is maintained of all operations. The Log itself has the following operations:
• View Log
• Export Log
• Clear Log

Note that a “key pair” will always be bundled with its public key certificate.

When a key pair is generated, a self-signed certificate will also be created for the key pair. They will have the following attributes:
RSA: 2048 bit keys; SHA256withRSA signature
EC: P-256 keys; SHA256withECDSA signature

When generating a key pair, a User Principal Name (UPN) can be specified in the Subject Alternative Name (SAN) using the RFC822 format.

Once a key pair has been successfully tested, it can be “promoted” for testing in other apps by installing it in the Android KeyChain.

Operational Notes:
• This app will use CA certificates (trust anchors) from both the Android System and User trust stores. This allows key pairs to be installed in the KeyChain and used by other apps. User CA certificates can be imported using the Security Settings operation “Install from SD card” (or equivalent).
• To install a key pair in the Android KeyChain, the Lock Screen must be enabled (to secure the Android KeyChain).
• Uninstalling the app will result in the loss of all app data. Export any keys that you wish to retain. App data is retained for app updates.
• The selected key pair will always be used by the client side regardless of which key types or issuers are specified by the server side.
• The HTTPS test uses “HttpsURLConnection.connect()” to connect to the server.
• The TLS test uses “SSLSocket.startHandshake()” to connect to the server.
• The connection timeout is 1.5 seconds.
• The connection is maintained for 1 second and then closed.
• Import of encrypted private keys in PKCS #8 format (PEM), may not be supported depending on the type of PBE algorithm required.

DISCLAIMER: This app is made available for use at your own risk with no warranty of any kind.
Read more

What's New

First Release
Read more

Additional Information

Eligible for Family Library
Eligible if bought after 7/2/2016. Learn More
August 7, 2019
Current Version
Requires Android
7.0 and up
Content Rating
Offered By
kcSystems Inc.
193 Queen Street South Hamilton, ON L8P 4V6 CANADA
©2020 GoogleSite Terms of ServicePrivacyDevelopersAbout Google|Location: United StatesLanguage: English (United States)
By purchasing this item, you are transacting with Google Payments and agreeing to the Google Payments Terms of Service and Privacy Notice.