Clear search
Close search
Google apps
Main menu

Add & remove certificates

If an app or network that you want to use needs a certificate that you don't have, you'll need to install that certificate.

Digital certificates identify computers, phones and apps for security reasons. Just like you'd use your driver’s licence to show that you can legally drive, a digital certificate identifies your device and confirms that it should be able to access something.

Most certificates are installed automatically, so that you don't usually need to do anything. To manually install a certificate, follow the instructions below.

Note: Android isn't the same on all devices. These instructions are for devices running Android 7.0 and up. Find out how to check your Android version.

Install a certificate

  1. Open your device's Settings app Settings .
  2. Under "Personal", tap Security.
  3. Under "Credential storage", tap Install from storage.
  4. Under "Open from", tap where you saved the certificate.
  5. Tap the file.
  6. If prompted, enter the key store password and tap OK.
  7. Type a name for the certificate.
  8. Pick VPN and apps or Wi-Fi.
  9. Tap OK.

If you haven't already set a PIN, pattern or password for your device, you’ll be asked to set one up.

Remove customised certificates

To remove certificates that you've installed, open your device's Settings app Settings and then Security and then Clear credentials and then OK.

This doesn't remove any permanent system certificates that your device needs to work.

Advanced topics

Work with certificate and key store file types

Standard certificate file extensions

Android supports DER-encoded X.509 certificates saved in .crt or .cer files.

To install a certificate saved in a .der or other file, change the extension to .crt or .cer.

Key store file extensions

Android supports X.509 certificates saved in PKCS#12 key store files with a .p12 or .pfx extension.

To install another kind of key store file, change the extension to .p12 or .pfx.

Work with CA certificates (trusted credentials)

Certificate authorities (CAs) are trusted third parties that issue digital certificates.

Important: Most people don't need to work with CA certificates. Adding a CA certificate can affect your device's security.

Most apps don't work with CA certificates that you add

In Android 7.0 and higher, by default, apps don't work with CA certificates that you add. But app developers can choose to let their apps work with manually added CA certificates.

See your CA certificates

  1. Open your device's Settings app Settings .
  2. Under "Personal", tap Security.
  3. Under "Credential storage", tap Trusted credentials. See 2 tabs:
    • System
      CA certificates permanently installed on your device
    • User
      CA certificates that you installed and can remove
  4. To see details, tap the CA.

Turn off or remove CA certificates

  1. Open your device's Settings app Settings .
  2. Under "Personal", tap Security.
  3. Under "Credential storage", tap Trusted credentials.
  4. Tap the tab for the type.
    • System
      To turn a system CA certificate on or off at any time, tap its On/Off switch.
    • User
      To permanently remove a CA certificate that you installed, tap it, scroll to the bottom and tap Remove.

Amy is an Android expert and author of this help page. Leave her feedback about the page below.

Was this article helpful?
How can we improve it?
Watch video tutorials

To get the latest tips, tricks, and how-to's, subscribe to our YouTube Channel.