Certificates of Certification Authority (CA) on Xiaomi smartphones are often automatically installed when you connect to corporate networks, use work mailboxes or install specific applications. These certificates can monitor traffic, block access to certain sites or even create security vulnerabilities. If you find an unknown certificate on your Redmi, POCO or Mi, it is better to remove it.
In this article, we will discuss why CC certificates are dangerous, how to find them in the system, and most importantly, 5 proven methods of deletion (including hidden methods for stock firmware MIUI). We will pay special attention to the nuances for devices with unlocked bootloader and root rights. If you are afraid to break the phone, do not worry: we will describe each step in detail and warn about the possible risks.
Why CC certificates are dangerous for your Xiaomi
Certificate Authority (CS) certificates are originally designed to protect data, but in the hands of malicious or unscrupulous employers, they become a surveillance tool.
- π Traffic interception: The certificate allows you to view encrypted data (for example, passwords from social networks or banking applications) when connecting to Wi-Fi with a computer. MITM-attack.
- π« Website Blocking: Some corporate CSs restrict access to resources (e.g. vk.com or telegram.org).
- π‘οΈ Security Vulnerabilities: Obsolete or compromised certificates can be used to attack your device.
- π± Application conflicts: For example, Google Pay or banking apps may fail to work after discovering a third-party DSP.
On Xiaomi devices, certificates are often installed covertly through:
- π§ Corporate Mail (Microsoft Exchange, Gmail with Administrator Policies).
- π Connecting to working Wi-Fi with mandatory certificate installation.
- π¦ Remote management applications (such as MobileIron or VMware Workspace) ONE).
β οΈ Note: If the certificate is installed by the device administrator (for example, through Android Device Policy), its deletion can lead to the blocking of corporate services or even remote reset of the phone. β Passwords and security β Device administrators.
Where to look for certificates on Xiaomi: step-by-step analysis of the menu
Before you delete a certificate, you need to find it. On Xiaomi, the path depends on the version of MIUI and the phone model. We will look at two main scenarios: for user certificates (manually installed) and system certificates (preinstalled).
Open the settings and follow one of the paths:
| MIUI version | The path to certificates | Notes |
|---|---|---|
| MIUI 12β14 | Settings β Passwords and security β Additional β Encryption and credentials β User certificates | On some models (Redmi Note 10, POCO X3), the item is called "Security credentials". |
| MIUI 11 and older | Settings β Additional β Privacy β Account data β Storage of credentials | You may need to enter PIN-code. |
| Android One (such as Mi A3) | Settings β Security β Additional β Encryption and credentials β User certificates | The interface is closer to pure Android. |
If you see unknown names on the certificate list (e.g., DST Root CA X3, GlobalSign or corporate ones like CompanyName Root CA), they should be removed.
- π User-generated β can be removed without risk.
- π System β removed only with root rights (more on this below).
β οΈ Note: Do not delete certificates with Android, Google or Google names MIUI β Also avoid removing certificates associated with Let's Encrypt (used to HTTPS-webpage).
π‘
If you're not sure which certificate to remove, take a screenshot of the list and check the names through a Google search, for example, a query "DigiCert Global Root CA is safe?" will show whether the certificate is system-based or not.
Method 1: Remove the certificate through settings (without root rights)
This is the simplest method that works for user certificates (manually installed or via apps) and it requires no special knowledge and is suitable for 90% of cases.
Instructions:
- Open Settings β Passwords and Security β Additional β Encryption and credentials β User Certificates.
- Click on the certificate you want to remove.
- In the window that opens, select Delete (or Disable if deletion is not available).
- Confirm the action by entering PIN-code.
If the Remove button is inactive, it means:
- π Password-protected certificate (try entering a password from Wi-Fi or corporate mail).
- π’ The certificate is installed by the administrator of the device (see section about resetting settings).
- π§ Systemic Certificate (requires root rights).
Backup important data |Remember or photograph the list of certificates |Check whether the certificate is system |Make sure that the phone is charged at least 50%-->
Method 2: Reset security settings (if deletion is blocked)
If the certificate is installed via Android Device Policy or other MDM-So, a solution (like Hexnode or Miradore) that can't be removed in the standard way, and in this case, a security reset will help, which will delete all user certificates, Wi-Fi passwords and account data, but will not affect personal files.
How to reset:
- Go to Settings β About Phone β Settings Reset β Reset Wi-Fi, mobile network and Bluetooth settings (on some models, the path may be different).
- Select Reset Settings and confirm the action.
- After the reboot, check the certificate list β corporate CAs should disappear.
If this method doesnβt work, youβll have to resort to a full factory reset (see next section).
- π± Uninstall the application through which the certificate was installed (for example, Microsoft Authenticator or VMware Boxer).
- π Disable the device administrator in Settings β Passwords and security β Device administrators.
β οΈ Note: Some Xiaomi models (e.g. Redmi) 9A or POCO M3) Resetting security settings can result in the removal of fingerprints and facial data!
Method 3: Complete reset to factory settings (extreme case)
If the certificate is set as a system or protected by MDM policies, it can only be deleted with a complete reset, which erases all data from the phone, so use it last.
Step-by-step:
- Back up important data (photos, contacts, messages) through Settings β About Phone β Backup and Reset β Local Backup or Mi Cloud.
- Go to Settings β About Phone β Resetting β Delete all data.
- Enter. PIN-code and confirm reset.
- After the reboot, set the phone as new. CC certificates will be deleted.
If the certificate appears again after reset, it means:
- π It is pre-installed in the firmware (needs a firmware or root rights).
- π It is installed automatically when connected to a specific Wi-Fi network (check the router settings).
What if the phone needs an old password after resetting?
Method 4: Removal of System Certificates with Root Rights
Removing system certificates (such as those preinstalled by a carrier or in corporate firmware) will require root rights, a method suitable for advanced users, as improper actions can lead to a loss of warranty or a βbrickβ of the device.
What you need:
- π± Unlocked bootloader on Xiaomi.
- π§ Installed Recovery (TWRP Or OrangeFox).
- π» Computer with ADB and Fastboot.
- π Root rights (for example, through Magisk).
Instructions:
- Install Root Explorer or FX File Explorer on your phone with root rights support.
- Go to /system/etc/security/cacerts/.
- Find the certificate file (usually with the.0 or.crt extension) and delete it.
- Reboot the phone.
Alternative method through ADB:
adb shell
su
mount -o rw,remount /system
rm /system/etc/security/cacerts/name of certificate.0
rebootβ οΈ Note: Deleting system certificates can lead to errors in the browser, applications and even the inability to update MIUI airborne (OTA). Before deleting, back up the cacerts folder!
π‘
If you are not sure about your root rights skills, you should consult a specialist. Incorrect deletion of system files can lead to a bootloop cycle.
Method 5: Flashing the phone (to remove the embroidered certificates)
On some Xiaomi models (for example, Redmi Note 8 Pro or Mi 9T), the certificates of the CC are sewn into the operatorβs firmware or corporate assembly MIUI. In this case, only a full flashing on the clean version will help.
What needs to be done:
- Download the official firmware for your model from the Xiaomi Firmware website (choose Global or EEA region).
- Unlock the bootloader through the Mi Unlock Tool (instructions on the official website).
- Install firmware via Fastboot or TWRP (for Fastboot, use the command fastboot flash all file name.zip).
After flashing:
- β All CC certificates will be removed.
- β οΈ The warranty may be revoked (unless official unlocking methods are used).
- π You may need to reset all accounts.
For models with a MediaTek processor (for example, Redmi 10C or POCO C40), the flashing process is more complicated - you will need the SP Flash Tool and authorization through your Xiaomi account.
What to do if the certificate appears again
If the CC certificate is returned after removal, it means that it is automatically installed.
| Reason. | Decision |
|---|---|
| MDM Corporate Policy | Uninstall the administrator app (such as Android Device Policy) or contact the IT-lock-out. |
| Wi-Fi (captive portal) settings | Connect to another network or reset your Wi-Fi settings to Settings β Network & Internet β Wi-Fi β Additional β Reset settings. |
| Viral SO | Check your phone with an antivirus (such as Malwarebytes or Dr.Web) and remove suspicious apps. |
| Firmware with pre-installed certificates | Reflash the phone to a clean version of MIUI (see Method 5). |
If the problem is with the work phone, it is better to agree on the removal of the certificate from the IT-Some companies have disciplinary penalties for self-deletion of corporate certificates.