diff --git a/core/java/src/net/i2p/crypto/KeyStoreUtil.java b/core/java/src/net/i2p/crypto/KeyStoreUtil.java
index fb690b7cf6d4c1750b34f55d3d5107bfaf1e9211..3cd641ad684a81a4c7ecd7cadc6185a23f4b7701 100644
--- a/core/java/src/net/i2p/crypto/KeyStoreUtil.java
+++ b/core/java/src/net/i2p/crypto/KeyStoreUtil.java
@@ -229,7 +229,12 @@ public class KeyStoreUtil {
             try {
                 cert.checkValidity();
             } catch (CertificateExpiredException cee) {
-                error("Rejecting expired X509 Certificate: " + file.getAbsolutePath(), cee);
+                String s = "Rejecting expired X509 Certificate: " + file.getAbsolutePath();
+                // Android often has old system certs
+                if (SystemVersion.isAndroid())
+                    warn(s, cee);
+                else
+                    error(s, cee);
                 return false;
             } catch (CertificateNotYetValidException cnyve) {
                 error("Rejecting X509 Certificate not yet valid: " + file.getAbsolutePath(), cnyve);
@@ -463,6 +468,11 @@ public class KeyStoreUtil {
         log(I2PAppContext.getGlobalContext(), Log.INFO, msg, null);
     }
 
+    /** @since 0.9.17 */
+    private static void warn(String msg, Throwable t) {
+        log(I2PAppContext.getGlobalContext(), Log.WARN, msg, t);
+    }
+
     private static void error(String msg, Throwable t) {
         log(I2PAppContext.getGlobalContext(), Log.ERROR, msg, t);
     }