Install Multiple CA Certificate to System CA Store
Tested on Android 16 with KernalSU ✓
This Magisk/KernelSU/APatch module installs any CA Certificate into the Android System CA Store automatically during boot bypassing APEX, and enabling HTTPS traffic interception with tools like ProxyPin and Reqable.
This implimantation was forked from Magisk-ProxyPinCA by wanghongenpin
- Multiple CA Certificates Support
- Does not require installing Certificate to User
| Version | API | Status |
|---|---|---|
| Android 5.0 - 13 | 21-33 | Standard Magic Mount |
| Android 14 | 34 | APEX Bypass |
| Android 15 | 35 | APEX Bypass |
| Android 16 | 36 | APEX Bypass (Tested) |
- Download the System-Cert-Installer.zip file
- Install via Magisk/KernelSU/APatch Manager
- Reboot device
- Paste your certificates in /data/adb/modules/system-cert-installer/system/etc/security/cacerts. (or use WebUI from root manager after first reboot)
- Reboot device
- Go to Settings → Security → Trusted credentials → System
- Look for your certificates in system certificates
Access WebUI through your root manager's module settings:
| Feature | Description |
|---|---|
| Status Monitor | View module and APEX injection status |
| Re-inject | Manually trigger certificate injection |
| View Logs | Check module operation logs |
| Reboot | Quick reboot to apply changes |
Starting Android 14, CA certificates moved to APEX module (com.android.conscrypt).
This module implements:
- Namespace Injection - Mounts into zygote namespaces
- Dynamic Re-injection - Service script reinjects after boot
- Per-process Mount - All app processes see the certificate
- KernelSU: Settings → Enable "Allow untrusted modules"
- APatch: Settings → Security → Enable "Allow unknown sources"
GPL-3.0 License - See LICENSE for details.