Suitable browsers for Android system on portable devices
(status: 2021)
Portable devices, as smartphones, are frequently powered by the Android operating system (OS). The Android system (version 10) has its own certificate repository you can see in the application Settings -> Security -> Advanced Settings -> Enciphering & Credentials -> Trusted credentials (basically the CAs root certificates). You can see the SYSTEM part and the USER part. You are able to add CAcert roots (both Class 1 and Class 3) into the USER part from e.g. the removable memory card or another place, where these roots are saved as files (CAcert: root.crt & class3.crt).
Your client certificates are stored under the Settings -> Security -> Advanced Settings -> Enciphering & Credentials -> User ID data. These are your client certificates with private keys, and you can install them from .p12 or .pfx backup files (containing your certificate & corresponding private key).
More about installing roots into Androids: read here.
Available browsers
You can find many browsers in the Google Store application. Unfortunately, only the minority of them work properly with certificates stored in the system repository (or at least its USER part).
Usable browsers
The following browsers are usable to work with CAcert webs, as main www/secure, wiki, bugs, CATS, blog etc. Unfortunately again, none of them is able to produce a CSR and therefore you will be unable to create a certificate using them.
Browser name |
supports user added roots |
supports client certificates |
Chrome & Beta Chrome |
yes |
yes |
Edge |
yes |
yes |
Brave |
yes |
yes |
Vivaldi |
yes |
yes |
Kiwi |
yes |
yes |
SuperFast |
yes |
yes |
Adblock Free |
yes |
yes |
Power Fast |
yes |
yes |
Ecosia |
yes |
yes |
Yandex alpha & beta |
yes |
yes |
Less usable browsers
The following browsers are of limited use to work with CAcert webs. You can login with username/password only - the certificate login does not work. These browsers consider user-added root certificates and system pre-installed CAs' roots or their own pre-installed roots and (possibly) support client certificates issued by that CAs (1).
Browser name |
supports user added roots |
supports client certificates |
RITS |
yes |
no (1) |
Moon |
yes |
no (1) |
Monkey |
yes |
no (1) |
Fulldive |
yes |
no (1) |
Styx |
yes |
no (1) |
Unusable browsers
The following browsers are completely unusable. You cannot use HTTPS for CAcert webs at all. These browsers do not consider client and/or user-added root certificates, or they use only system pre-installed CAs' roots or their own pre-installed roots and (possibly) support client certificates issued by that CAs (1). Some browsers allow to enter a CAcert web using HTTPS only after a security warning (2).
Recently, there has been a trend where browsers consider all CAs, that do not have their root certificates already shipped with the system or application, to be untrusted. Again, unfortunately for CAs like CAcert.
Browser name |
supports user added roots |
supports client certificates |
Opera & clones |
no (2) |
no (1) |
Firefox & clones |
no |
no (1) |
Maxthon |
no (2) |
no (1) |
Tor |
no (2) |
no (1?) |
DuckDuckGo |
no (2) |
no (1?) |
Seznam |
no |
no (1?) |
UC 2021 & clones |
no |
no (1?) |
Avast |
no |
no (1?) |
Aloha |
no |
no (1) |
Mi Pro |
no |
no (1) |
Web 2021 & clones |
no |
no (1?) |
Dolphin |
no |
no (1?) |
Puma |
no (2) |
no (1?) |
Mint |
no |
no (1?) |
Puffin |
no |
no (1?) |
Incognito |
no |
no (1?) |
Via |
no |
no (1?) |
NextWord |
no |
no (1?) |
APUS |
no |
no (1?) |
PureWeb |
no |
no (1?) |
Cake |
no |
no (1?) |
SmartSearch |
no |
no (1?) |
Soul |
no |
no (1?) |
Hot |
no |
no (1?) |
Other small portable devices with another OSes
There is an expectation that another OSes (as iOS, MacOS, Windows 10 Mobile) can use the same browsers, and thus the results may be very similar to those on the Android. After all, the certificate processing is the issue of every single browser, and system certificate repositories are merely a support from the OS.