Surely you’ve ever come face to face with the enigmatics root certificates when trying to do a procedure online in a place such as the Treasury or the DGT. In Spain, that entity is the National Currency and Stamp Factory, although you may need to install a certificate from other entities.
With mobiles being the main device from which we connect, it is normal that you need more and more install the certificates not on your PC, but on your mobile. It is a simple process in itself, but one that can be confusing if you don’t know how to proceed.
What is a certificate?
A distinction must be made between two types of certificates. The client certificates They are a way of identifying yourself on web pages with additional security, generally required in cases where security is especially important. For example, when carrying out procedures with the administration (taxes, fines, censuses, etc.). They are the equivalent of a digital signature that guarantees that you are, indeed, you.
On the other hand are the root certificates, a special type of certificate that identifies the authority that issues it (CA, or root certificate authority). This type of certificate grants authority to other sub-certificates, in addition to itself. For this reason, it is either pre-installed in the browser / operating system or you must install it manually.
1. Install the root certificate
The first thing you need to do is install the root certificate from the competent authority. If you want to check if it is already installed before, you can go to the Android security settings – See security certificates to see which ones are currently installed.
As always, the name of this menu can vary from one layer of Android to another, and from one version of Android to another. When in doubt, use the settings finder at the top of the window.
The list is long and it does not always have a search engine, so you should be patient to find the CA certificate that interests you. In my case, the FMNT root certificate is not available on my phoneso I have to download and install it manually.
The process is quite easy on relatively recent phones. For example, in the case of FMNT root certificate, the download link is found in the frequent links in the footer from the website: specifically, here.
Since you haven’t installed the certificate yet, the previous page it will give you an error when opening it in the browser. Don’t panic, the matter makes a lot of sense: you don’t have the root certificate used in the connection installed, so Google warns you. Press Advanced and continue anyway to be able download the certificate from your mobile.
Once you are inside, download the certificate that interests you (usually the first one on the list). It is a file with a .CER extension that barely takes up space and that Android will automatically open with the certificate installer. If not, go to downloads to tap on the file and open the installer.
In the installer you have to press To accept and that’s it. If you want to check that the certificate is installed, go to the same section as before, Security – see security certificates, where this new certificate should be listed in the list of user certificates. The same page that previously showed you a security warning in Google will now load without problems.
2. Get your digital certificate
Now comes the “complicated” part: get your digital certificate, the one that identify yourself. The process may vary depending on the issuing competent authority, although the steps should generally be similar. We are going to take as a reference the digital certificate issued by the Spanish FMNT.
Today there is three ways to obtain your digital certificate at the National Mint and Stamp Factory. Two of them will be more comfortable for you to do on a PC, while the other can easily be done on your mobile with the official application. They are as follows:
The application Obtain FNMT certificate only has two buttons on its interface: Request and Pending requests. Press Apply for to find you with the simple form where you are only asked for your ID, first surname and email address.
Once you have filled it in, you will have to accept the conditions window and then receive an information window on the next steps. As in the rest of the methods to obtain your digital certificate, you will need go to an authorized registry office to prove your identity, in person.
When you have completed the process you can download your personal certificate and know your password. Before continuing with the rest of the instructions, make a backup copy of your certificate and keep its password somewhere safe.
3. Install your digital certificate on Android
At this point, all you need to do is install your new digital certificate on Android, just as you installed the root certificate. The process is exactly the same, with the only complication being that if you got it on a PC, you must first copy the certificate itself (the .PFX or .P12 file to your mobile).
If you obtained your certificate from the PC, you need first export it from Internet Explorer or Firefox, the only two supported browsers. If you need help on how to do it, read the section “I already have the certificate installed, how do I make a backup?” of this guide in Engadget.
To copy it to Android you have many options, from connecting your mobile to the PC with your cable until wearing a memory card, send via Wi-Fi, Bluetooth, Google Drive, Gmail, Dropbox or even with Telegram. Personally, I prefer the latter as it is very comfortable with the PC client, but any mode is valid and as it is a personal certificate, you are probably interested in a transfer that is not based on the cloud for greater security.
Once you have the file on your mobile, open it from the Android file explorer to open the Android certificate installer. Your Android mobile should include a simple file manager (usually called “Files”). If you don’t have any browser installed, I recommend MiXplorer.
In the hypothetical case that you cannot install the certificate directly in this way, you can go to Settings – Security – Credential storage – Install certificates from SD, to do it manually.
If you requested your personal certificate from the FMNT Android application, once it has been approved you should be able to download it directly from the application itself. Now, many of the users on Google Play complain that they have not been able to download the certificate like this and have had to redo the process from a PC, so you may have a problem.
As you can see, installing certificates on Android is quite simple in itself: just open the certificate file with the certificate installer Most of the time. Really the only complications are in the previous steps, to obtain the certificate itself.