How to securely remove Certificate Authority (CS) certificate from Xiaomi phone on Android

Certificates of Certification Authority (CA) on Xiaomi smartphones are often automatically installed when you connect to corporate networks, use work mailboxes or install specific applications. These certificates can monitor traffic, block access to certain sites or even create security vulnerabilities. If you find an unknown certificate on your Redmi, POCO or Mi, it is better to remove it.

In this article, we will discuss why CC certificates are dangerous, how to find them in the system, and most importantly, 5 proven methods of deletion (including hidden methods for stock firmware MIUI). We will pay special attention to the nuances for devices with unlocked bootloader and root rights. If you are afraid to break the phone, do not worry: we will describe each step in detail and warn about the possible risks.

Why CC certificates are dangerous for your Xiaomi

Certificate Authority (CS) certificates are originally designed to protect data, but in the hands of malicious or unscrupulous employers, they become a surveillance tool.

  • πŸ” Traffic interception: The certificate allows you to view encrypted data (for example, passwords from social networks or banking applications) when connecting to Wi-Fi with a computer. MITM-attack.
  • 🚫 Website Blocking: Some corporate CSs restrict access to resources (e.g. vk.com or telegram.org).
  • πŸ›‘οΈ Security Vulnerabilities: Obsolete or compromised certificates can be used to attack your device.
  • πŸ“± Application conflicts: For example, Google Pay or banking apps may fail to work after discovering a third-party DSP.

On Xiaomi devices, certificates are often installed covertly through:

  • πŸ“§ Corporate Mail (Microsoft Exchange, Gmail with Administrator Policies).
  • 🌐 Connecting to working Wi-Fi with mandatory certificate installation.
  • πŸ“¦ Remote management applications (such as MobileIron or VMware Workspace) ONE).

⚠️ Note: If the certificate is installed by the device administrator (for example, through Android Device Policy), its deletion can lead to the blocking of corporate services or even remote reset of the phone. β†’ Passwords and security β†’ Device administrators.

πŸ“Š How to find the certificate of the CC on your Xiaomi?
Self-contained in settings
The phone started to slow down.
Some applications are not working
I was told in IT-department
Other

Where to look for certificates on Xiaomi: step-by-step analysis of the menu

Before you delete a certificate, you need to find it. On Xiaomi, the path depends on the version of MIUI and the phone model. We will look at two main scenarios: for user certificates (manually installed) and system certificates (preinstalled).

Open the settings and follow one of the paths:

MIUI versionThe path to certificatesNotes
MIUI 12–14Settings β†’ Passwords and security β†’ Additional β†’ Encryption and credentials β†’ User certificatesOn some models (Redmi Note 10, POCO X3), the item is called "Security credentials".
MIUI 11 and olderSettings β†’ Additional β†’ Privacy β†’ Account data β†’ Storage of credentialsYou may need to enter PIN-code.
Android One (such as Mi A3)Settings β†’ Security β†’ Additional β†’ Encryption and credentials β†’ User certificatesThe interface is closer to pure Android.

If you see unknown names on the certificate list (e.g., DST Root CA X3, GlobalSign or corporate ones like CompanyName Root CA), they should be removed.

  • πŸ”„ User-generated – can be removed without risk.
  • πŸ”’ System – removed only with root rights (more on this below).

⚠️ Note: Do not delete certificates with Android, Google or Google names MIUI β€” Also avoid removing certificates associated with Let's Encrypt (used to HTTPS-webpage).

πŸ’‘

If you're not sure which certificate to remove, take a screenshot of the list and check the names through a Google search, for example, a query "DigiCert Global Root CA is safe?" will show whether the certificate is system-based or not.

Method 1: Remove the certificate through settings (without root rights)

This is the simplest method that works for user certificates (manually installed or via apps) and it requires no special knowledge and is suitable for 90% of cases.

Instructions:

  1. Open Settings β†’ Passwords and Security β†’ Additional β†’ Encryption and credentials β†’ User Certificates.
  2. Click on the certificate you want to remove.
  3. In the window that opens, select Delete (or Disable if deletion is not available).
  4. Confirm the action by entering PIN-code.

If the Remove button is inactive, it means:

  • πŸ” Password-protected certificate (try entering a password from Wi-Fi or corporate mail).
  • 🏒 The certificate is installed by the administrator of the device (see section about resetting settings).
  • πŸ”§ Systemic Certificate (requires root rights).

Backup important data |Remember or photograph the list of certificates |Check whether the certificate is system |Make sure that the phone is charged at least 50%-->

Method 2: Reset security settings (if deletion is blocked)

If the certificate is installed via Android Device Policy or other MDM-So, a solution (like Hexnode or Miradore) that can't be removed in the standard way, and in this case, a security reset will help, which will delete all user certificates, Wi-Fi passwords and account data, but will not affect personal files.

How to reset:

  1. Go to Settings β†’ About Phone β†’ Settings Reset β†’ Reset Wi-Fi, mobile network and Bluetooth settings (on some models, the path may be different).
  2. Select Reset Settings and confirm the action.
  3. After the reboot, check the certificate list – corporate CAs should disappear.

If this method doesn’t work, you’ll have to resort to a full factory reset (see next section).

  • πŸ“± Uninstall the application through which the certificate was installed (for example, Microsoft Authenticator or VMware Boxer).
  • πŸ”„ Disable the device administrator in Settings β†’ Passwords and security β†’ Device administrators.

⚠️ Note: Some Xiaomi models (e.g. Redmi) 9A or POCO M3) Resetting security settings can result in the removal of fingerprints and facial data!

Method 3: Complete reset to factory settings (extreme case)

If the certificate is set as a system or protected by MDM policies, it can only be deleted with a complete reset, which erases all data from the phone, so use it last.

Step-by-step:

  1. Back up important data (photos, contacts, messages) through Settings β†’ About Phone β†’ Backup and Reset β†’ Local Backup or Mi Cloud.
  2. Go to Settings β†’ About Phone β†’ Resetting β†’ Delete all data.
  3. Enter. PIN-code and confirm reset.
  4. After the reboot, set the phone as new. CC certificates will be deleted.

If the certificate appears again after reset, it means:

  • πŸ”„ It is pre-installed in the firmware (needs a firmware or root rights).
  • 🌐 It is installed automatically when connected to a specific Wi-Fi network (check the router settings).
What if the phone needs an old password after resetting?
If you reset your settings, but your phone asks you to enter a password from your previous Google account (FRP-Blocking, use the official unlock tool from Xiaomi: https://account.xiaomi.com/frp/unlock. This will require access to mail tied to the device.

Method 4: Removal of System Certificates with Root Rights

Removing system certificates (such as those preinstalled by a carrier or in corporate firmware) will require root rights, a method suitable for advanced users, as improper actions can lead to a loss of warranty or a β€œbrick” of the device.

What you need:

  • πŸ“± Unlocked bootloader on Xiaomi.
  • πŸ”§ Installed Recovery (TWRP Or OrangeFox).
  • πŸ’» Computer with ADB and Fastboot.
  • πŸ”‘ Root rights (for example, through Magisk).

Instructions:

  1. Install Root Explorer or FX File Explorer on your phone with root rights support.
  2. Go to /system/etc/security/cacerts/.
  3. Find the certificate file (usually with the.0 or.crt extension) and delete it.
  4. Reboot the phone.

Alternative method through ADB:

adb shell


su




mount -o rw,remount /system




rm /system/etc/security/cacerts/name of certificate.0




reboot

⚠️ Note: Deleting system certificates can lead to errors in the browser, applications and even the inability to update MIUI airborne (OTA). Before deleting, back up the cacerts folder!

πŸ’‘

If you are not sure about your root rights skills, you should consult a specialist. Incorrect deletion of system files can lead to a bootloop cycle.

Method 5: Flashing the phone (to remove the embroidered certificates)

On some Xiaomi models (for example, Redmi Note 8 Pro or Mi 9T), the certificates of the CC are sewn into the operator’s firmware or corporate assembly MIUI. In this case, only a full flashing on the clean version will help.

What needs to be done:

  1. Download the official firmware for your model from the Xiaomi Firmware website (choose Global or EEA region).
  2. Unlock the bootloader through the Mi Unlock Tool (instructions on the official website).
  3. Install firmware via Fastboot or TWRP (for Fastboot, use the command fastboot flash all file name.zip).

After flashing:

  • βœ… All CC certificates will be removed.
  • ⚠️ The warranty may be revoked (unless official unlocking methods are used).
  • πŸ”„ You may need to reset all accounts.

For models with a MediaTek processor (for example, Redmi 10C or POCO C40), the flashing process is more complicated - you will need the SP Flash Tool and authorization through your Xiaomi account.

What to do if the certificate appears again

If the CC certificate is returned after removal, it means that it is automatically installed.

Reason.Decision
MDM Corporate PolicyUninstall the administrator app (such as Android Device Policy) or contact the IT-lock-out.
Wi-Fi (captive portal) settingsConnect to another network or reset your Wi-Fi settings to Settings β†’ Network & Internet β†’ Wi-Fi β†’ Additional β†’ Reset settings.
Viral SOCheck your phone with an antivirus (such as Malwarebytes or Dr.Web) and remove suspicious apps.
Firmware with pre-installed certificatesReflash the phone to a clean version of MIUI (see Method 5).

If the problem is with the work phone, it is better to agree on the removal of the certificate from the IT-Some companies have disciplinary penalties for self-deletion of corporate certificates.

FAQ: Frequent questions about removing CS certificates on Xiaomi

Can I delete the certificate without resetting the settings?
Yes, if it's a user certificate. Go to Settings β†’ Passwords & Security β†’ Encryption & credentials β†’ User certificates and manually delete it. If the button is inactive, the certificate is protected by administrator policies, you'll need to reset.
Why do some websites not work after the certificate is deleted?
You probably deleted the system certificate that was used to verify the system. HTTPS-Connections (e.g. Let's Encrypt or DigiCert) Try: Reset network settings in Settings β†’ The Internet and the Internet β†’ Reset Wi-Fi, mobile network and Bluetooth. Update and time in Settings β†’ Additionally. β†’ Date and time (enable automatic determination) Reinstall the certificate (if secure).
How to check if the certificate is used for surveillance?
Install a NetGuard or PCAPdroid app and check which apps send data through encrypted connections. If traffic goes through a proxy server with the name of the certificate, it's exactly used for monitoring, and you can use online services like SSL Labs to analyze certificates.
Will Google Pay work after the certificates are deleted?
Google Pay requires that your device not have user certificates or root rights. If you only removed the corporate CS (not the system), and also: Did not install Magisk or other tools for root, did not change the firmware to custom, did not remove the system certificates of Google. β€” then Google Pay should work. If not, reinstall the application and add the card again.
Can I delete my Xiaomi certificate without a computer?
Yes, if it's a user certificate (see Method 1). System certificates without a computer require: Get root rights through applications like KingRoot (risky!). Use a root-enabled file manager (such as Root Explorer). However, we do not recommend getting root without a computer - there is a high risk of malware installation.