Clear search
Close search
Google apps
Main menu

Work with certificates

Some or all of this information applies only to devices running Android 4.3 and higher.

You can use digital certificates to identify your device for a variety of purposes, including VPN or Wi-Fi network access as well as authentication to servers by apps such as Email or Chrome. If you plan to use certificates for Wi-Fi authentication, be sure to select the Wi-Fi option from the menu described below. Typically, such certificates are provided by your system administrator for installation in your device’s trusted credential storage.

Android supports DER-encoded X.509 certificates, saved in files with a .crt or .cer file extension. If your certificate file has a .der or other extension, you must change it to .crt or .cer or you won’t be able to install it.

Android also supports X.509 certificates saved in PKCS#12 key store files with a .p12 or .pfx extension. If your key store has some other extension, you must change it to .p12 or .pfx or you won’t be able to install it. When you install a certificate from a PKCS#12 key store, Android also installs any accompanying private key or certificate authority certificates.

Install client & CA certificates

To install a certificate from your device's internal storage:

  1. Copy the certificate or key store from your computer to the root of your device's internal storage (that is, not in a folder).
  2. Go to Settings > Personal > Security > Credential storage > Install from storage.
  3. Touch the filename of the certificate or keystore to install. Only certificates that you haven't already installed are displayed.
  4. If prompted, enter the key store password and touch OK.
  5. Enter a name for the certificate and choose either VPN and apps or Wi-Fi in the credential use menu, and touch OK.

Typically, a CA certificate included with a client certificate is installed at the same time. You can also install separate CA certificates using the same steps.

If you have not already set a pattern, PIN, or password for your device, you’re prompted to set one up. The type of lock that's acceptable may be predetermined by your system administrator.

After a certificate is installed successfully, the copy in storage is deleted.

Important: Apps such as Email and Browser that support certificates allow you to install certificates directly from within the app. For details, see the Help or other instructions that come with each app.

Work with CA certificates

  1. Touch Settings > Personal > Security > Credential storage > Trusted credentials. The trusted credentials screen has two tabs:

    System displays certificate authority (CA) certificates that are permanently installed in the ROM of your phone.

    User displays any CA certificates that you have installed yourself, for example in the process of installing a client certificate.

  2. To examine the details of CA certificate, touch its name. A scrolling screen displays the details.
  3. To remove or disable a CA certificate, scroll down to the bottom of the details screen and touch eitherDisable for system certificates orRemove for user certificates.

    When you disable a system CA certificate, the button at the bottom of its details screen changes to Enable, so you can enable the certificate again if necessary. When you remove a user-installed CA certificate, it is gone permanently and must be re-installed if you want it back.

  4. In the confirmation dialog that appears, touchOK.

Amy is an Android expert and author of this help page. Leave her feedback below about the page.

Was this article helpful?
Watch video tutorials

To get the latest tips, tricks, and how-to's, subscribe to our YouTube Channel.