How to export the T-CAT P and install it on other devices?

EXPORT

To export a certificate in software from the Mozilla Firefox browser, you will need to follow the following steps:

Step 1 : Access Tools - Settings - Privacy and Security - Show Certificates

Step 2 : Choose the certificate to export, from those that will appear in the central part of the window below in your browser, and click on " Make a copy ".

Step 3: Indicate the name and location of the p.12 file that will be created on the computer with the certificate.

Step 4 : Once done choose a password

Step 5 : Finally, a message will be displayed that reads “ the export was completed successfully ”.

Note: If you cannot complete the export process because an error of the type "An error occurred for unknown reasons when saving the backup copy of the PKCS #12 file" appears, check that the certificate you want to export is in software (it is not recorded on a card-type device) and that you have the public key and private key installed in the browser.

IMPORT

A file with the extension p.12 will have been created on your computer containing the digital certificate that you can copy to a pen drive to install on another computer using the " Import " option. You will find this by accessing Tools - Settings - Privacy and Security - Show certificates.

Remember that when importing you will have to enter the password defined in step 4 .

EXPORT

To export a digital certificate in software from the Google Chrome browser, you must follow the steps below:

Step 1: Access the button from the top right. Option " Settings ">Privacy and Security>Security>Manage certificates> Manage imported Windows certificates . 

Step 2 : This window displays the certificates installed on your computer in the " Personal " tab. Select the certificate you want to copy and click the "Export" button. At this point, the wizard for exporting digital certificates will open.

Important note: in the "Personal" tab of this window, both the certificates installed in the repository with the public and private key ( full certificate ) are displayed, as well as the certificates for which we either only have their public key , which means that we cannot identify ourselves or sign with them, or the private key is hosted on some external device (eg: a T-CAT card). Likewise, the steps described in this FAQ will only be used to export the certificates of the first group ( full certificate installed on the computer ).

Step 3 : At this point, a wizard opens to export the certificate that we must follow:

Step 4 : In the following image, it is important to select the " Export private key " option, otherwise you will only be creating a file with the public key that will not be used to identify yourself or sign. If you cannot select this option, it means that the selected certificate cannot be exported in its entirety because it is not a certificate in software installed on your computer with a public and private key (as explained in the note in point 2).

Step 5 : In the image below you will need to define a password that you will need when installing the file with the certificate you are creating, on another device, or to sign directly from the file, without having to install the certificate on your computer, as long as the application allows it. Therefore, it is very important that you remember the code indicated.

Step 6: You must then define a location where to save the file with the certificate on your computer and give it a name.

Step 7 : Finish the wizard and you will have created the .p.12 or .pfx file on your computer.

IMPORT

Once the certificate copy is made, you can save the file on a mobile device, a memory stick, a diskette, etc., following the following steps:

Step 1: Access the button from the top right. Option " Settings ">Privacy and Security>Security> Manage certificates> Manage imported Windows certificates .

Step 2: Click on "Import". The "Certificate Import Wizard" opens, click on Next, and select the certificate file. If you click on "Next", you will be asked for the password with which the certificate was previously protected. Once indicated, of the three options allowed by the wizard, leave all of them checked and select "Next" until the wizard indicates that the import has been completed correctly.

Every time you want to use the T-CAT P on other computers you will have to perform this operation.

Optionally, it is possible to protect the T-CAT P with a PIN during the process:

• Check " Enable secure private key protection".

If you enable this option, the system will notify you every time an application needs to use the certificate's private key (identification or signature).

• Once the option mentioned above is checked, if you continue the wizard you will reach the "Finish" button and then you will see the following screen, where you will have to click on "Security level".

• On the next screen, select "Stop" and continue the wizard.

• Finally, indicate the code you want to use for the certificate and Finish the import wizard. Your certificate is now protected with a PIN!

EXPORT

If you have a software certificate installed on your Mac, you can export it by following these steps:

Step 1 Go to Keychain Access > Login > My Certificates.

Step 2 Select the certificate we want to export, we will see that it shows us that it has a private key.

Step 3 Click the right mouse button on the private key of the certificate, a window with several options will open, we must select "Export".

Step 4 A window will open asking us what name we want to save the certificate with and in what location; we will indicate the name and where we want to save the certificate, leaving the default file format: .p12.

Step. 5 A window will open asking us to enter a password that will be used to protect the exported certificate file; this password will have to be entered when we want to install the certificate from the resulting file. If we leave it blank, the file will not have a password.

Step 6 To complete the export, a window will open asking us to enter the login password.

IMPORT

Step 1 Double-click on the file p.12 and select from the “keychains” drop-down: Login.

Step 2 Press the “Add” button to install the certificate.

Note: You must keep in mind that the padlock icon in Keychains - Login must be open for the idCAT certificate to be installed correctly.

The system will ask you for two passwords: the system administrator password first and the download code password later.

Once done, you will have the idCAT certificate installed in the MAC repository (Safari and Google Chrome). For Mozilla Firefox you must import the .p12 or .pfx file into the browser itself. To do this, go to Tools - Settings - Privacy and Security - Show certificates - Import - a wizard will open to perform the installation.

Note: We recommend that you keep the .p12 file as a backup.

Important! For idCAT to be detected as trusted on your MAC, access the “keychains” folder - “Certificates” tab - EC-ACC--> press "obtener información" and once here, expanding the “trust” menu, indicate: "trust always"

NOTE: When performing this action, the system will ask you for your MAC credentials.

Once these steps have been completed, if you go to “keychains” - “Mis Certificados” tab--> your name (idCAT) you will see that it already appears as trusted.

IMPORTANT : To be able to install and use T-CAT P on a mobile device, you must first have downloaded the installation file on a computer.

Below are the steps to install T-CAT P on Android:

1. Email the T-CAT P file in .p12 or .pfx format.
2. Open the email from your mobile phone or tablet where you received the .p12 or .pfx file.
3. Click on the attachment in the email to open it.
4. You will receive a message to extract the certificate. Enter the management code (password) that matches the one you have on the delivery sheet and that you used to download the T-CAT P.
5. Then select the "app user certificate and VPN" option.
6. Enter a name for the certificate
7. Press "OK" and the T-CAT P will be installed correctly.

If you don't have the original file, you can make a copy from the browser on the computer where you have it installed. Follow the steps above to export.

IMPORTANT : To be able to install and use T-CAT P on a mobile device, you must first have downloaded the installation file to a computer.

Below are the steps to install T-CAT P on iPhone/iPad:

1. Email the T-CAT P file in .p12 or .pfx format.
2. Open the email from your mobile phone or tablet where you received the .p12 or .pfx file.
3. Click on the file attached to the email to open it and the following message will appear: Profile downloaded, review the profile in Settings if you want to install it.
4. Go to Settings>Downloaded Profile (this option will only appear if you have previously done step 3).
5. Select "Install".
6. Enter your iPhone/iPad PIN
7. Select "Install" again.
8. When you are asked for the password for the identity certificate, enter the management code (password) that matches the one you have on the delivery sheet and that you used to download the T-CAT P.
9. Press "OK" and the T-CAT P will be installed correctly.

If you don't have the original file, you can make a copy from the browser on the computer where you have it installed. Follow the steps above to export.