Removing the CC Certificate on Xiaomi: A Complete Security Guide

Xiaomi and Redmi smartphone owners often face the need to set up corporate email or install specific applications that require security certificates, but sometimes they lead to alerts about untrusted connections or, worse, to blocking banking applications, because a Certificate Authority (CA) certificate appears on the system that intercepts traffic or raises suspicions among security systems.

Removing this element is a critical procedure to restore the normal operation of the device, and having someone else's or unknown certificate in the system store allows third parties to decrypt your device. HTTPS-In this article, we will discuss how to find and delete suspicious files, returning the phone to its original level of protection.

The process of cleaning the storage of credentials in the shell of MIUI or HyperOS can be different from standard Android, which often leaves users confused. We will consider all possible ways to solve the problem, from standard settings to using the engineering menu if the usual method does not work.

Why you need to remove certificates on Android

CS certificates are digital passports that verify the authenticity of sites and applications. When you add a certificate manually, you are effectively telling the system, "I trust this source more than Google's built-in benchmarks." In the corporate environment, this is necessary for secure access to a company's internal networks, but in personal use it is a potential security hole.

Often users install these files themselves, trying to bypass locks or run modified versions of games without knowing the risks. Attackers can inject their root certificate through malware, gaining full control of encrypted traffic, which is why regularly checking the list of trusted DSs is a basic digital security hygiene.

Banking applications such as Sberbank Online or Tinkoff have built-in security mechanisms (Root detectors and environment integrity checks).If they detect user certificates in the system that can be used to swap traffic (Man-in-the-Middle attacks), the application can refuse to launch or display connection errors.

📊 Have you ever been blocked by banking applications?
Yes, there was a certificate warning.
No, but I read about this problem.
I have never had a problem with banks.
I don’t use banking apps on my phone.

Where to find the storage of credentials in MIUI

Xiaomi’s shell interface has its own navigation features, and the path to encryption and certificate settings can vary depending on the Android version and regional firmware (Global, China, EEA).

To find storage, you need to go to Settings → Passwords & Security → Privacy. In some versions of MIUI, this item may be simply called “Security” or located under “Special Features.” If the search for settings does not work, use the built-in search bar at the top of the settings menu by querying “certificate” or “trusted”.

It is important to distinguish between system and user storage, and the system certificates that are preinstalled by the manufacturer cannot be removed without the superuser rights (Root), and we are interested in the section User Certificates or Trusted Items, which displays files added by you or applications.

💡

Use a search by phone settings (a magnifier at the top of the settings screen) by entering the word “DS” or “Certificate” to instantly navigate to the desired menu without wandering through sections.

Step-by-step instructions for removing the certificate

The deletion process is simple enough if you know exactly where to click. Mistakes deletion of system files can cause some applications to fail, so keep a close eye on the names of the objects being deleted. We will only work with the user partition.

First, open the settings menu and find the security section, then proceed according to the algorithm:

  • 🔍 Click on "Privacy" or "Encryption and credentials".
  • 📂 Select the option “View CS certificates” or “Delete credentials".
  • 🗑️ Find a suspicious certificate (often with the name of the organization or just the date of creation) and click on it.
  • ✅ Confirm the removal by entering PIN-screen unlock code or pattern lock.

Once you do this, the system will recalculate the hash amounts of trusted roots, and if you delete the certificate that was used to run corporate email or VPN, the relevant applications will stop connecting until the credentials are re-installed, which is normal behavior to confirm the effectiveness of the cleanup.

☑️ Post-deletion check

Done: 0 / 4

What to do if the removal button is inactive

Sometimes users are faced with a situation where the certificate is visible in the list, but the Delete button is inactive (gray) or absent. This can occur for several reasons: the file is protected by device administrator rights, the certificate is embedded in the system partition (Root is required), or it is used by an active profile.

First, check the Device Administrators section. Go to Settings → Passwords & Security → Privacy → Device Administrators. If there is an unknown application or profile that you didn't install, disable its rights. Often, it is administrative rights that block the ability to modify the key store.

If disabling the administrator did not help, it is possible that the certificate was installed through the organization profile (MDM), in which case the option “Profiles” or “Work profile” may appear in the settings menu, deleting such a profile will completely clear the certificates and data associated with it.

⚠️ Note: If the certificate has the name of the system component (e.g. Android System or the name of the chip manufacturer), do not force it to be removed.

Using ADB commands for advanced users

For power users who can’t remove the certificate through a GUI, there is a method through USB debugging and a computer.This method requires installing Xiaomi USB Drivers and the SDK Platform-Tools platform on a PC.

Before you start, turn on the developer mode. To do this, quickly click on the build number in the About Phone menu 7 times. Then activate the "Debugging by USB" menu from the "Developers" menu. Connect the phone to your computer with a cable.

Open the command prompt on your computer in the ADB folder and enter the command to check the connection:

adb devices

Once you have confirmed authorization on your smartphone screen, you can try resetting the credential storage by command, although the standard ADB does not have a direct command to delete a specific user certificate without root rights.

adb shell pm clear com.android.certinstaller

This command clears the cache of the certificate installer. In more complex cases, if the phone has Root rights, delete files from the directory is used. /data/misc/user/0/cacerts_added/. Without superuser rights, opportunities ADB in this context are limited to resetting settings or cleaning the application cache.

Risks of using ADB
Using the ADB command line requires caution. An incorrect command can cause system services to fail. Always check the syntax of commands before entering. If you are not sure about your actions, you should limit yourself to the standard settings of the phone.

Table: Types of certificates and risks

To better understand what’s on your phone, check out the certificate classifications. Not all of them are dangerous, but knowing the differences will help you make the right decision about deletion.

Type of certificateSourceSecurity riskRecommendation
System (Root)Manufacturer (Google/Xiaomi)Absent.Don't touch it.
CorporateIT-works departmentLow (within the company)Remove on dismissal
User-generated (Unknown)Downloaded from the InternetHigh (traffic interception)Urgently remove
VPN / ProxyBypass applicationsMedium (depending on the provider)Remove if not used

As you can see from the chart, the main threat is user certificates with an unknown source, which is a red flag for any security system, and it takes a couple of minutes to audit the list regularly, but saves you from potential data leakage.

💡

The main sign of danger is the appearance of a certificate that you did not knowingly establish for work or study.

Prevention and protection against re-emergence

Once a device is cleaned successfully, it is important to prevent the threat from re-entering, and often certificates are installed along with free applications from unverified sources or when clicking on phishing links, and digital hygiene minimizes these risks.

First of all, refuse installation. APK-Google Play Protect and Xiaomi’s built-in virus scanner are able to weed out most threats. Also, don’t ignore browser warnings that “Connection is not secure” is often the first bell about certificate issues.

Update your operating system regularly. Android Security Bulletin security updates address vulnerabilities that could allow attackers to inject their root certificates without the user's knowledge. The current firmware version is your best shield.

⚠️ Note: If the certificate appears again automatically after deletion, it is a sign of active malware (virus) in the system.

Frequently Asked Questions (FAQ)

Can I delete all user certificates at once?
Yes, there's often a "Clear All" or "Delete All Credentials" button in the certificate management menu, which is a secure operation that will return the storage to a "Certificate Only" state, and you'll have to reconfigure only those services that required manual installation.
Why did Wi-Fi stop working after the certificate was deleted?
Some enterprise Wi-Fi networks (WPA2-Enterprise) require a specific certificate to authenticate, and if you delete it, the phone can no longer prove its identity to the network, you either need to re-instal the certificate, or you need to forget that network and connect as a guest if possible.
Is it dangerous to drop the certificates to the factory?
No, it's not dangerous. Reset only removes certificates that have been added manually by the user, and all the necessary system certificates required for the browser and applications to work will remain in place and will be restored automatically if necessary.
How do I know which application has installed the certificate?
In standard settings of Android and MIUI But if you've just got a certificate, remember what applications you were installing at that time. VPN-Customers, antiviruses or parental control apps: Checking the list of installed apps over the past week will help identify the source.