diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 956477b3854..0a72b752df7 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -1342,6 +1342,11 @@
             </intent-filter>
         </activity>
 
+        <activity android:name=".security.InstallCaCertificateWarning"
+                  android:theme="@style/GlifV3Theme.Light"
+                  android:exported="false">
+        </activity>
+
         <activity
             android:name="Settings$DeviceAdminSettingsActivity"
             android:label="@string/device_admin_settings_title"
diff --git a/res/drawable-hdpi/ic_warning_googred_48dp.png b/res/drawable-hdpi/ic_warning_googred_48dp.png
new file mode 100644
index 00000000000..70381dd06bb
Binary files /dev/null and b/res/drawable-hdpi/ic_warning_googred_48dp.png differ
diff --git a/res/layout/ca_certificate_warning_dialog.xml b/res/layout/ca_certificate_warning_dialog.xml
new file mode 100644
index 00000000000..d863b08aa4b
--- /dev/null
+++ b/res/layout/ca_certificate_warning_dialog.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+  ~ Copyright (C) 2019 The Android Open Source Project
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~      http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<com.google.android.setupdesign.GlifLayout
+    xmlns:android="http://schemas.android.com/apk/res/android"
+    android:id="@+id/setup_wizard_layout"
+    android:layout_width="match_parent"
+    android:layout_height="match_parent">
+
+    <LinearLayout
+        style="@style/SudContentFrame"
+        android:layout_width="match_parent"
+        android:layout_height="wrap_content"
+        android:orientation="vertical"
+        android:gravity="center_horizontal">
+
+        <ImageView
+            android:id="@+id/sud_layout_icon"
+            style="@style/SudGlifIcon"
+            android:layout_width="wrap_content"
+            android:layout_height="wrap_content"
+            android:gravity="center"
+            android:src="@drawable/ic_warning_googred_48dp"/>
+
+        <TextView
+            android:id="@+id/sud_layout_title"
+            style="@style/SudGlifHeaderTitle"
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:gravity="center"
+            android:text="@string/ca_certificate_warning_title"/>
+
+        <TextView
+            android:id="@+id/sud_layout_description"
+            style="@style/SudDescription.Glif"
+            android:layout_marginTop="16dp"
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:text="@string/ca_certificate_warning_description"/>
+
+    </LinearLayout>
+
+</com.google.android.setupdesign.GlifLayout>
\ No newline at end of file
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 60febe7dff3..381ef57828e 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -5880,6 +5880,16 @@
     <string name="user_certificate">VPN &amp; app user certificate</string>
     <!-- Title of Wi-Fi certificate [CHAR LIMIT=30] -->
     <string name="wifi_certificate">Wi\u2011Fi certificate</string>
+    <!-- Title of warning shown to the user before they can install a CA certificate [CHAR LIMIT=NONE] -->
+    <string name="ca_certificate_warning_title">Your privacy is at risk</string>
+    <!-- Description of warning shown to the user before they can install a CA certificate [CHAR LIMIT=NONE] -->
+    <string name="ca_certificate_warning_description">CA certificates are used by websites, apps, and VPNs for encryption. Only install CA certificates from organizations you trust. \n\n If you install a CA certificate, the certificate owner could access your information, such as passwords, messages, or credit card details, from websites you visit or apps you use - even if that information is encrypted.</string>
+    <!-- Label for button to not install a CA certificate [CHAR_LIMIT=50] -->
+    <string name="ca_certificate_warning_dont_install">Don\u2019t install</string>
+    <!-- Label for button to continue installing a CA certificate [CHAR_LIMIT=50] -->
+    <string name="ca_certificate_warning_install_anyway">Install anyways</string>
+    <!-- Toast message that a certificate was not installed -->
+    <string name="cert_not_installed">Certificate not installed</string>
 
     <!-- Sound settings screen, setting check box label -->
     <string name="emergency_tone_title">Emergency dialing signal</string>
diff --git a/res/xml/install_certificate_from_storage.xml b/res/xml/install_certificate_from_storage.xml
index 0116713204c..0cf4a36e46d 100644
--- a/res/xml/install_certificate_from_storage.xml
+++ b/res/xml/install_certificate_from_storage.xml
@@ -28,11 +28,8 @@
             android:title="@string/ca_certificate">
 
             <intent
-                android:action="android.credentials.INSTALL"
-                android:targetPackage="com.android.certinstaller"
-                android:targetClass="com.android.certinstaller.CertInstallerMain">
-                <!-- Same value as CERTIFICATE_USAGE_CA in keystore/java/android/security/Credentials.java -->
-                <extra android:name="certificate_install_usage" android:value="ca"/>
+                android:targetPackage="com.android.settings"
+                android:targetClass="com.android.settings.security.InstallCaCertificateWarning">
             </intent>
 
         </Preference>
diff --git a/src/com/android/settings/security/InstallCaCertificateWarning.java b/src/com/android/settings/security/InstallCaCertificateWarning.java
new file mode 100644
index 00000000000..701d9f46432
--- /dev/null
+++ b/src/com/android/settings/security/InstallCaCertificateWarning.java
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.settings.security;
+
+import android.annotation.Nullable;
+import android.app.Activity;
+import android.content.Intent;
+import android.os.Bundle;
+import android.security.Credentials;
+import android.view.View;
+import android.widget.Toast;
+
+import com.android.settings.R;
+
+import com.google.android.setupcompat.template.FooterBarMixin;
+import com.google.android.setupcompat.template.FooterButton;
+import com.google.android.setupdesign.GlifLayout;
+
+/**
+ * Creates a warning dialog explaining the consequences of installing a CA certificate
+ * This is displayed before a CA certificate can be installed from Settings.
+ */
+public class InstallCaCertificateWarning extends Activity {
+
+    @Override
+    public void onCreate(@Nullable Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+
+        setContentView(R.layout.ca_certificate_warning_dialog);
+        final GlifLayout layout = findViewById(R.id.setup_wizard_layout);
+
+        final FooterBarMixin mixin = layout.getMixin(FooterBarMixin.class);
+        mixin.setSecondaryButton(
+                new FooterButton.Builder(this)
+                        .setText(R.string.ca_certificate_warning_install_anyway)
+                        .setListener(installCaCertificate())
+                        .setButtonType(FooterButton.ButtonType.OTHER)
+                        .setTheme(R.style.SudGlifButton_Secondary)
+                        .build()
+        );
+
+        mixin.setPrimaryButton(
+                new FooterButton.Builder(this)
+                        .setText(R.string.ca_certificate_warning_dont_install)
+                        .setListener(returnToInstallCertificateFromStorage())
+                        .setButtonType(FooterButton.ButtonType.NEXT)
+                        .setTheme(R.style.SudGlifButton_Primary)
+                        .build()
+        );
+    }
+
+    private View.OnClickListener installCaCertificate() {
+        return v -> {
+            final Intent intent = new Intent();
+            intent.setAction(Credentials.INSTALL_ACTION);
+            intent.putExtra(Credentials.EXTRA_CERTIFICATE_USAGE, Credentials.CERTIFICATE_USAGE_CA);
+            startActivity(intent);
+            finish();
+        };
+    }
+
+    private View.OnClickListener returnToInstallCertificateFromStorage() {
+        return v -> {
+            Toast.makeText(this, R.string.cert_not_installed, Toast.LENGTH_SHORT).show();
+            finish();
+        };
+    }
+
+}