I've been using CAcert for securing some of my services with TLS/SSL, and when I got my Android phone I chose K-9 mail over the stock e-mail client because as the certificate installation page on the official CAcert site stated, it required root access to access the system certificate store. Now, one year and two upgrades (ICS, JB) later, I revisited the issue.
As of this writing, the CAcert site contains another method that also requires
root access, but as Jethro Carr wrote in his blog, since at least ICS,
it's possible to install certificates without any witchcraft, using not only
PKCS12 but also PEM files. Since Debian ships the CAcert bundle, I used
that file, but it's also possible to download the files from
the official CAcert root certificate download page. Since I have Android
SDK installed, I used adb (Android Debug Bridge) to copy the certificate to
the SD card, but any other method (browser, FTP, e-mail, etc.) works too.
$ adb push /usr/share/ca-certificates/cacert.org/cacert.org.crt /sdcard/
2 KB/s (5179 bytes in 1.748s)
On the phone, I opened Settings > Security, scrolled to the bottom, and selected Install from storage. It prompted for a name of the certificate, and installed the certificate in a second without any further questions asked.
After this, the certificate can be viewed and by opening Trusted credentials and selecting the User tab, and browsing an HTTPS site with a CAcert-signed certificate becomes just as painless and secure as with any other built-in CA.
