diff --git a/doc/installation/Android.md b/doc/installation/Android.md
index 9b88c03cad0..605d7a17a2a 100644
--- a/doc/installation/Android.md
+++ b/doc/installation/Android.md
@@ -25,6 +25,13 @@ Then open the Android Virtual Devices Manager and select (or create) a Virtual D
   keyPassword=
   ```
 
+### Install
+
+```sh
+./scripts/install_certificate_java.sh # this script ask root password
+direnv reload
+```
+
 ### 🔥 Firebase setup
 
 Download the `google-services.json` file from Keeper and place it inside the `android/app` directory. You can also download this file from the Firebase console.
diff --git a/scripts/install_certificate_java.sh b/scripts/install_certificate_java.sh
new file mode 100755
index 00000000000..57bcb4cb269
--- /dev/null
+++ b/scripts/install_certificate_java.sh
@@ -0,0 +1,66 @@
+#!/usr/bin/env bash
+set -o errexit -o nounset -o pipefail
+
+SSL_CERT_FILE="$(realpath '/Library/Application Support'/*/*/data/*cacert.pem 2>/dev/null || true)"
+
+SCRIPT_FOLDER="$(dirname "$(realpath "$0")")"
+
+remove_certificate_bundle_safe() {
+	if [ -f "$SSL_CERT_BUNDLE_FILE" ]; then
+		sudo rm "$SSL_CERT_BUNDLE_FILE"
+	fi
+}
+
+has_certificate() {
+	echo "${KEYTOOL_PASSWORD}" |
+		sudo keytool -cacerts -list -alias "mykey"
+}
+
+remove_certificate() {
+	echo "${KEYTOOL_PASSWORD}" |
+		sudo keytool -delete -cacerts -alias "mykey" >/dev/null
+}
+
+remove_certificate_safe() {
+	remove_certificate_bundle_safe
+
+	if has_certificate; then
+		remove_certificate
+	fi
+}
+
+add_certificate() {
+	{
+		echo "${KEYTOOL_PASSWORD}"
+		echo "oui"
+	} |
+		sudo keytool -import -cacerts -file "$SSL_CERT_BUNDLE_FILE" >/dev/null
+}
+
+add_certificate_safe() {
+	if ! has_certificate; then
+		add_certificate
+	fi
+}
+
+if [ -f "$SSL_CERT_FILE" ]; then
+	SSL_CERT_DIR="$(dirname "$SSL_CERT_FILE")"
+	SSL_CERT_TENANT="$(realpath "$SSL_CERT_DIR"/*tenantcert.pem)"
+	SSL_CERT_BUNDLE_FILE="$SSL_CERT_DIR/cert-bundle.pem"
+
+	# remove_certificate_safe # to be able to debug, remove everything done, comment this when not debugging
+
+	if "$SCRIPT_FOLDER/is_proxy_enabled.sh"; then
+		if [ -f "$SSL_CERT_TENANT" ]; then
+			echo "Adding certificate for proxy in Java's keytool system requires root password"
+
+			if [ ! -f "$SSL_CERT_BUNDLE_FILE" ]; then
+				cat "$SSL_CERT_TENANT" "$SSL_CERT_FILE" | sudo tee "$SSL_CERT_BUNDLE_FILE" >/dev/null
+			fi
+
+			add_certificate_safe
+		fi
+	else
+		remove_certificate_safe
+	fi
+fi