Moving certificate is not an option anymore #277

Closed
ameshkov opened this issue May 25, 2018 · 1 comment

@ameshkov

Due to the CT limitations, moving the certificate will cause issues with the browser.

Temporary solution: do not generate certificates with NotBefore newer than April 30, 2018 when the cert store is "System".

We should think about what to do with it.

@sfionov

sfionov commented Aug 2, 2023

This temporary solution worked before the Chrome 100 release.

In the Chrome 100 release, they decided to make CT timestamps mandatory for system certificates, effectively disabling any HTTPS filtering certificates moved to system.

Targeting this, we released another solution using the adguardcert module. However, this solution required Zygisk, which could break some apps.

Finally, the correct solution was implemented in AdGuard for Android 4.2 nightly 10 🎉

With this version you may install a second, "intermediate" certificate into user storage, and use the new version of the adguardcert module to move the first certificate into system.

Then, both certs will be in the certificate chain for sites.

One of them is in the system store - this cert will be visible to non-browser apps and HTTPS filtering will be available.
The second is in the user store - when Chrome sees a cert in the chain that is in the user store, it automatically disables the CT timestamp requirement.
