Clear search
Close search
Google apps
Main menu

Work with certificates

A digital certificate helps exchange information securely.

Note: Android isn't the same on all devices. These instructions are for devices running Android 7.0 and up. Check which version of Android you have.

Install certificates

To install a certificate on your phone or tablet:

  1. Copy and paste the certificate or key store. You can copy to:
  2. Open your device's Settings app Settings .
  3. Under "Personal," tap Security.
  4. Tap Install from Storage.
  5. Navigate to the file. Tap the filename.
    Tip: Files that are already installed don't show. And when installing from your device's internal storage, the copy in storage is deleted after successful installation.
  6. If prompted, enter the key store password and tap OK.
  7. Enter a name for the certificate.
  8. In the credential use menu, choose VPN and apps or Wi-Fi.
  9. Tap OK.

If you haven't already set a PIN, pattern, or password for your device, you’ll be prompted to set one up.

Advanced certificate use

Work with certificate and key store file types

Standard certificate file extensions

Android supports DER-encoded X.509 certificates saved in .crt or .cer files.

To install a certificate saved in a .der or other file, change the extension to .crt or .cer.

Key store files and certificate extensions

Android supports X.509 certificates saved in PKCS#12 key store files with a .p12 or .pfx extension.

To install another kind of key store file, change the extension to .p12 or .pfx.

Add trusted certificate authorities (CAs)

Certificate authorities (CAs) issue digital certificates. When needed, a trusted CA is usually installed automatically.

Important: Manually adding a CA is an advanced action. Most people don't need to manually add CAs.

How apps work with manually added CAs

In Android 7.0 and up, each app's developer chooses whether that app will work with CAs that you add.

How to manually add a CA

  1. Open your device's Settings app Settings .
  2. Under "Personal," tap Security.
  3. Under "Credential storage," tap Trusted credentials. See two tabs:
    • System shows certificate authority (CA) certificates permanently installed in your device's read-only memory (ROM).
    • User shows CA certificates that you installed yourself.
  4. To see CA certificate details, tap its name.
  5. To remove or disable a CA certificate, scroll down to the bottom of the details screen and tap either Disable (for system certificates) or Remove (for user certificates).
    • When you disable a system CA certificate, the button at the bottom of its details screen changes to Enable. If necessary, you can turn the certificate back on.
    • When you remove a user-installed CA certificate, it's gone permanently. If you want it back, you must re-install it.
  6. To confirm, tap OK.

Amy is an Android expert and author of this help page. Leave her feedback below about the page.

Was this article helpful?
Watch video tutorials

To get the latest tips, tricks, and how-to's, subscribe to our YouTube Channel.