No fingerprint reader after adding self signed certificate

Step 1: Make the certs compatible (if they are not already)

At the very beginning we need to figure the file name of our the cert file. The name of the cert file is a hash one can obtain from the certificate itself. For this, one needs the openssl tools. On Unix/Linux the steps are then as follows:

# Obtain the hash – in my case that returned d6a2705a – so we have the file name

openssl x509 -inform PEM -subject_hash_old -in root.crt | head -1

# Copy the original file

cat root.crt > d6a2705a.0

# Append additional data

openssl x509 -inform PEM -text -in root.crt -out /dev/null >> d6a2705a.0

Step 2: Get the cert into our system cert chain

If your device is rooted, a solution to this is importing the certificate as system cert (not user-cert). You will need the command line for that, using either adb shell or a terminal app on-device. The following snippet assumes your certificate was already pushed to the SD card, saved as /sdcard/d6a2705a.0 (adjust that to your cert name), and you're at the command prompt of your device.

mount -o remount,rw /system

cp d6a2705a.0 /system/etc/security/cacerts/d6a2705a.0

chown root:root /system/etc/security/cacerts/d6a2705a.0

chmod 0644 /system/etc/security/cacerts/d6a2705a.0

mount -o remount,ro /system

Done. Now you should be able to use the cert – and as you do not have any "unsafe user certs", you're free to use whatever unlock mechanism you prefer.

^{A quick check shows all these steps are also described in the CaCert Wiki on how to create Android compatible certificate files from their original files. So my personal notes I took the above from might well originate here, at least partly.}