Search
Clear search
Close search
Google apps
Main menu

If you're experiencing battery drain issues, you can try troubleshooting here. If you didn't buy your Nexus 6P from us, please contact Huawei. If you bought from Project Fi, please visit the Project Fi Help Center. If you bought from Google Store, please visit our Hardware Warranty Center.

Add & remove certificates

If an app or network that you want to use needs a certificate that you don't have, you can install that certificate.

Digital certificates identify computers, phones, and apps for security. Just like you'd use your driver’s license to show that you can legally drive, a digital certificate identifies your device and confirms that it should be able to access something.

Most certificates are installed automatically. You don't usually need to do anything with certificates. But to manually install a certificate, follow the steps below.

Note: Some of these steps work only on Android 8.0 and up. Learn how to check your Android version.

Install a certificate

  1. Open your device's Settings app Settings app.
  2. Tap Security & Location and then Encryption & credentials.
  3. Under "Credential storage," tap Install from storage.
  4. In the top left, tap Menu Menu.
  5. Under "Open from," tap where you saved the certificate.
  6. Tap the file. (If needed, enter the key store password. Tap OK.)
  7. Type a name for the certificate.
  8. Pick VPN and apps or Wi-Fi.
  9. Tap OK.

If you haven't already set a PIN, pattern, or password for your device, you’ll be asked to set one up.

Remove custom certificates

You can remove certificates that you've installed. This doesn't remove permanent system certificates that your device needs to work.

  1. Open your device's Settings app Settings app.
  2. Tap Security & Location and then Encryption & credentials.
  3. Under "Credential storage," tap Clear credentials and then OK.

Advanced

Work with certificate & key store file types

Standard certificate file extensions

Android supports DER-encoded X.509 certificates saved in .crt or .cer files.

To install a certificate saved in a .der or other file, change the extension to .crt or .cer.

Key store file extensions

Android supports X.509 certificates saved in PKCS#12 key store files with a .p12 or .pfx extension.

To install another kind of key store file, change the extension to .p12 or .pfx.

Work with CA certificates (trusted credentials)

Certificate authorities (CAs) are trusted third parties that issue digital certificates.

Important: Most people don't need to work with CA certificates. Adding a CA certificate can affect your device's security.

Most apps don't work with CA certificates that you add

In Android 7.0 and up, by default, apps don't work with CA certificates that you add. But app developers can choose to let their apps work with manually added CA certificates.

See your CA certificates

  1. Open your device's Settings app Settings app.
  2. Tap Security & Location and then Encryption & credentials.
  3. Under "Credential storage," tap Trusted credentials. You'll see 2 tabs:
    • System: CA certificates permanently installed on your device
    • User: CA certificates that you installed and can remove
  4. To see details, tap a CA certificate.

Turn off or remove CA certificates

  1. Open your device's Settings app Settings app.
  2. Tap Security & Location and then Encryption & credentials.
  3. Under "Credential storage," tap Trusted credentials.
  4. Tap the tab for the type.
    • System: Find the certificate and turn it on or off.
    • User: To permanently remove a CA certificate you installed, tap it, scroll to the bottom, and tap Remove.
Amy

Amy is an Android expert and author of this help page. Leave her feedback below about the page.

Was this article helpful?
How can we improve it?
Watch video tutorials

To get the latest tips, tricks, and how-to's, subscribe to our YouTube Channel.