Add root certificates to B2G CA database

When you browse a website over HTTPS, the site presents a certificate to confirm that you're going to a known website; this certificate may be issued by a trusted certificate authority (CA) that is stored and signed in the system database. Certificates have expiration dates, and in the event of expired certificates, whether it is the website's or the system database's, the browser will show a "This Connection is Untrusted" warning to alert you of i.e. potential scam websites.

In October 2021, many KaiOS users were unable to visit almost every site as the IdenTrust DST Root CA X3 root certificate expired. Granted, the replacement ISRG Root X1 was available for a while at the time, but older KaiOS phones didn't have that.

On KaiOS, B2G manages its CA databases through several files under /data/b2g/mozilla/*.profile/: cert9.db for the certificates themselves, key4.db for cryptographic keys and pkcs11.txt. Occasionally, KaiOS may issue a Service Update through KaiStore, which has the permissions over your phone to patch the files with the latest database. But in some cases, you may need to do so by yourself.

Before you start: check if your phone is debug-enabled and can be rooted

WIP

• https://opengiraffes.top/en/manually-import-new-root-ca/
• https://kaios.dev/2023/02/advanced-kaios-development-cors-tcp-sockets-and-lets-encrypt-ssl-certificates/#lets-encrypt-ssl-certificate-issue
• https://wiki.archlinux.org/title/Network_Security_Services