How to install SSL certificates on Android TV / Amazon Fire TV devices
by Riley MacDonald, October 23, 2017

Amazon Fire TV has no interface for installing SSL certificates. Earlier this year I wrote a post “how to set proxy server settings on Amazon Fire TV”. This post extends beyond that describing how to install an SSL certificate in order to enable SSL proxying.

Generate a Charles SSL .pem certificate
To generate a certificate navigate to Help -> SSL Proxying -> Save Charles Root Certificate. Save the .pem file to the res/raw resources directory of your project.

Create an XML configuration
Add a new XML file in the res/xml directory of your project containing the following:

1
2
3
4
5
6
7
8
9

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="@raw/charles_ssl_cert" />
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>

Add the configuration to the Android Manifest
This configuration works with Android 7+. Most TV devices are running an OS of this level or greater. Add the following networkSecurityConfig entry to the Android Manifest application xml node.

1
2
3

<application
    android:networkSecurityConfig="@xml/network_security_config
    ...

Enable SSL Proxying in Charles
Enable SSL proxying in Charles by navigating to Proxy -> SSL Proxy Settings and checking the “Enable SSL Proxy” checkbox. If done correctly you should now be able to see the unencrypted request/responses of HTTPS calls.

Back to blog
Open the comment form

Leave a comment:

Comments will be reviewed before they are posted.

User Comments:

JeanCarlos Chavarría on 2018-12-27 22:00:41 said:
According with https://developer.amazon.com/docs/fire-tv/system-xray-developer-tools.html, You can enable developer tools in two ways: 1. Remote Control: On the directional pad, press and hold the center and down together (simultaneously) for 5 seconds; then release the buttons and press the remote's menu button. 2. If ADB is enabled on the Fire TV and a computer is connected, you can run the following command to invoke the dialog box: adb shell am start com.amazon.ssm/com.amazon.ssm.ControlPanel
Riley MacDonald on 2017-11-09 17:40:06 said:
Unfortunately I don't know of a way around this limitation. Please post here if you find a way around it.
Drew Ingebretsen on 2017-11-06 19:23:02 said:
It seems like a catch 22. On Fire OS 5 there isn't a way to install a trusted Charles cert. And on Fire OS 6, there isn't a way to set up a proxy. Do you know of any way to debug SSL encrypted traffic using Charles on a Fire TV that you know of? Or is it just not possible at this time.
Riley MacDonald on 2017-11-05 13:34:40 said:
Thanks for posting this information Drew. Unfortunately I don't have a solution for Fire OS 6+. Amazon has made development on their platform challenging.
Drew on 2017-11-03 21:06:08 said:
On the new Fire TV devices, one running Fire OS 6+, how do you enable a proxy server? It looks like AndroidProxySetter (https://github.com/jpkrause/AndroidProxySetter/issues/21) doesn't work on Fire OS 6+.
Riley MacDonald on 2017-11-01 13:10:38 said:
I can only assume this is due to OS 5.2.6.0 on the Amazon Fire Stick. My post mentions that this approach requires Android 7+. I'm unfortunately facing the same issue on older Amazon releases where I'm completely unable to debug https calls. If anyone knows a workaround for this please let us know!
Ajith on 2017-10-31 02:27:56 said:
Hi Riley, Thanks for your update. I was able to add charles proxy certificate and the xml configurations as you mentioned and generated the apk file. Deployed it to fire TV stick with OS version 5.2.6.0 but https connections are still failing. Please provide your inputs.
Riley MacDonald on 2017-10-30 13:23:16 said:
Hi Ajith, If these directories don't exist you'll need to add them to your project. If you're using Android Studio for development you can add them using the GUI. Open the project view and right click on your /res folder (app/src/main/res). Choose new -> Android Resource Directory and you can choose "raw" and "xml" from the menu. Otherwise you'll need to create the directories yourself. See the official Android documentation regarding this https://developer.android.com/guide/topics/resources/providing-resources.html
Ajith on 2017-10-30 08:00:18 said:
Hi Riley, Thanks for the post. I was looking for the solution for installing ssl certificate in fire TV stick..I have referred your code Andorid proxy setter master branch..but could not find the res/xml or res/raw folders in the project..could you please help me. Regards, Ajith