Before installing the software, if you don't already have some readers of cryptographic cards , below are the basic characteristics for the reader to be compatible with T-CAT: PC/SC 1.0 compliant and to supply a current of at least 60 mA. (The AOC Consortium does NOT supply the readers, users must request the readers from their IT providers.)
Next, install the PKI Manager software on your computer to be able to use T-CAT , according to the operating system you have installed on your machine (you must first uninstall the old versions).
PKI Manager for Microsoft Windows
PKI Manager for Linux
PKI Manager for MAC
Before installing the software, if you do not already have a cryptographic card reader, the following are the basic features for the reader to be compatible with T-CAT: PC/SC 1.0 compliant and to supply a current of at least 60 mA. (The AOC Consortium does NOT supply the readers, users must request the readers from their IT providers.)
Next, install the Safesign software on your computer to be able to use the T-CAT , according to the operating system you have installed on your machine (you must first uninstall the old versions)
Safesign for Microsoft Windows
Windows 10 And 11 (32-bit) 3.0.124
Windows 10 And 11 (64-bit) 3.0.124
Safesign for Linux
CentOs 8
Ubuntu 18.04 LTS
Ubuntu 20.04 LTS
Safesign for MAC
Important note: In the case of having the software for the use of the electronic DNI on the computer where the Safesign will be installed, it is necessary to verify that the installed version of this software (e-DNI), is the last one available. Otherwise, the correct operation of Safesign could be affected.
The AOC Consortium works continuously to obtain the maximum recognition of its certificates as well as to guarantee their operation with the most used combinations of operating systems and computer programs (Internet browsers, office applications, etc.).
In the same sense, the analysis of the profiles of the users of the AOC Consortium certificates has made it possible to identify which are the most used combinations and to concentrate efforts on maintaining the compatibility of the AOC Consortium certificates with them.
The following tables show the different compatibility scenarios of the AOC Consortium certificates.
| compatible |
| Incompatible |
Windows operating systems
| Operating System Version | T-CAT (SafeSign, PKI Manager) | Software (idCAT, T-CAT P) |
| Windows 10 and 11 |
Applications on Windows
| application | T-CAT (SafeSign, PKI Manager) | Software (idCAT, T-CAT P) |
| Microsoft Outlook | ||
| Mozilla Firefox | ||
| Mozilla Thunderbird | ||
| Adobe Reader DC | ||
| Google Chrome |
Compatibility with MAC OS
| scenario | T-CAT (SafeSign, PKI Manager) | Software (idCAT, T-CAT P) |
| MAC OS / Mozilla Firefox | Pre-installation of the PKCS#11 library | Certificate installed in the application repository |
| MAC OS / Mozilla Thunderbird | Pre-installation of the PKCS#11 library | Certificate installed in the application repository |
| MAC OS / Adobe Reader | Pre-installation of the PKCS#11 library | Certificate installed in the application repository |
Compatibility with LINUX
| scenario | T-CAT (SafeSign, PKI Manager) | Software (idCAT, T-CAT P) |
| Linux Ubuntu / Mozilla Firefox | Previous installation of the PKCS#11 library | Certificate installed in the application repository |
| Linux Ubuntu / Mozilla Thunderbird | Previous installation of the PKCS#11 library | Certificate installed in the application repository |
| Linux Ubuntu / Adobe Reader | Previous installation of the PKCS#11 library | Certificate installed in the application repository |
Why is it necessary to install them?
These keys are necessary to verify that the certificates that arrive on our computer equipment have been issued by one of the certification authorities in the hierarchy of entities of the AOC Consortium. Browsers have built-in trust in some certification bodies by default.
- Windows: Control Panel > Internet Options > Content > Certificates
- Mozilla Firefox browser: Tools > Options > Advanced > Encryption > View certificates
The AOC Consortium meets all the necessary requirements to be included in the most used browsers, operating systems and platforms.
In cases where these keys are not pre-loaded, it is necessary to manually install the certification entity's public keys in order to enable trust.
There are two options for installing public keys:
1.- Installation of all public keys from a single file (recommended). Choose according to your browser, if you use:
Internet Explorer and Google Chrome on Windows operating system
- Save the file containing all the public keys on your hard drive, for example on your Windows desktop.
- Click on the file with the right mouse button and choose the option “Install certificate”
- Follow the instructions and press next at each step until the window disappears and the following message appears: “Import was successful”.
Mozilla Firefox on any operating system, Windows, Linux or MAC
- Save the file containing all the public keys to your hard drive.
- Inside Firefox import the downloaded file by opening the options in the right side menu
, Options > Advanced > Certificates > View certificates > Entities tab > Import > Select file (the options shown are for Firefox version 49).
Safari and Google Chrome with MAC operating system
- Save the file containing all the public keys to your hard drive.
- Double-click the downloaded file, and accept the installation in the certificate store.
2.- Installation of the public keys you need. To download all the required public keys of a specific hierarchy, press the button corresponding to the entity to which it belongs.
In 2015 the certification hierarchy of the AOC Consortium was reduced to 2 Certification Entities and encompassing the current ECs as follows:
- The EC - Public Sector: which concentrates the issuance of certificates by the Public Sector of Catalonia.
- EC-Ciutadania: which issues digital certificates to citizens.
Citizenship
Download and install the following keys:
1.- key of the root certifying body of the AOC Consortium
2.- key of the citizen certification entity
Public Sector
Download and install the following keys:
1.- key of the root certifying body of the AOC Consortium
2.- key of the Public Sector certification body
All public keys
This file contains all the public keys of the certification body since the creation of the hierarchy of the AOC Consortium .
Other matters of interest:
No. As of today, we do not have a software available for the use of T-CAT certificates on a card that is compatible with the operating systems of mobile devices (IOS, Android...). Software certificates (eg: T-CAT P), however, can be installed on these devices following the instructions in the corresponding manual:
This guide is used to configure the Firefox browser to detect T-CAT on MAC systems from versions 10.6 to 10.10.
Step 1 : You must have installed the T-CAT software, SafeSign for MAC.
Step 2 : Open the Firefox browser and access the menu > Options > Advanced > Certificates > Security devices > Load > In "module name" you must put T-CAT. In the "Module file" option you must put libaetpkss.dylib > Accept > Accept
