One of the reasons why we are lazy to change devices is because we have to transfer everything we already have in one to the new one. Time has made it improve and much in these tasks, but there is still. One of the biggest handicaps is changing computers. And within this, change the computer because we have to reinstall the digital certificate from the old to the new one. But it's not that complicated either and through this tutorial, We are going to try to make things easy.
Don't be lazy to install it.
One of the reasons that people still believe is that if you buy a Mac, it is likely that you will not be able to operate well with digital certificates. Not even that you can install it on the Mac. Nothing is further from the truth. Installing it is a matter of a few minutes if you know what you are doing. The administration does not make things easy but we do and if you follow these steps, it's a matter of very little be able to enjoy XNUMX% access and operability.
So don't be too lazy to install it, much less buy a Mac, thinking that you won't be able to install it. Don't let that stop you.
What is a digital certificate?
The Digital Certificate is the only means that allows us to technically and legally guarantee the identity of a person on the Internet. Therefore, based on this definition, we can deduce that it is an essential requirement for institutions to trust us without being present. Via network. But here it does not end. It also does not allow, since they trust us, to be able to use the electronic signature for documents. Whoever receives this signed document will be sure that it is the original and has not been tampered with and the author of the electronic signature cannot deny the authorship of this signature.
But let's continue.
the digital certificate Allows communication to be encrypted. Only the recipient of the information will be able to access its content. This is so because it consists of a pair of cryptographic keys, one public and one private, created with a mathematical algorithm, so that what is encrypted with one of the keys can only be decrypted with its partner key. The certificate holder must keep the private key in his possession. The public key is part of what is called a Digital Certificate itself, which is a digital document that contains this algorithm together with the owner's data, all electronically signed by a Certification Authority, which is a trusted third party that ensures that the public key corresponds to the holder's data.
Being clear about this. It is not logical to think that the Mac can give us problems when installing certificates, so the process is universal and there will be no problems to perform them. Let's see how.
Installing the Digital Certificate on the Mac
If we follow the steps indicated by the official entity, we will have received a file in a type format *.cer o *.crt or .pfx
It is likely that we will also have to download a file where the public key of that entity is located and that is the one that will validate the information when carrying out the necessary procedures with our private key. It is what is called Root Certificate, a certificate issued by the Certification Authority (CA) for itself. If we take as an example the certificates issued by the National Factory of Currency and Stamps of Spain, (FNMT), the root certificate will serve the user who incorporates it into his browser, to ensure that his user certificate is issued by the Factory and thus be able to trust at.
Step to follow:
In Macs, there is a program that is responsible for managing and storing of passwords, keys and also digital certificates. This program is called Keychain access. To install our certificate in this program, we only need double click on it and we will add or import the certificate.
In this way, we will install the certificate in the system, in the Login keychain of our user, and it will be ready so that we can use it especially with Safari or Google Chrome. It is always good that we verify that the certificate has been installed correctly. For this we access Keychains after entering username and password. On the left, below, we look for where it says "My certificates" and click there.
Warning: Keep in mind that this certificate is not synced via iCloud, so it is very important that we keep the file saved to be able to install the certificate on another Mac or after a restoration of it.
Is there another way to install it?
It may be a bit simpler: Once you have downloaded the certificate on the Mac, we double click on it, and Keychain Access will open. When it asks us if we want to save it, we choose the affirmative option. Once we add it to Keychain Access, it will be available to use in Safari, Chrome and the email account with which we authenticate at the Certifying Agency.
Special attention if we use Firefox
If you realize we are always talking about Safari or Chrome. In Firefox things are a bit different. In this browser it is necessary that the electronic certificate is installed in the browser's certificate store. For that we must follow the following steps:
Preferences–>Privacy and security–> We make sure that when we choose Certificates, we check the option “Ask every time”–> Click where it says “View certificates” and look for the “Your certificates” tab. We make Click on Import and select the correct file.
How we renew certificates
As stated by the FNMT, the Natural Person Certificate renewal process can be carried out during the 60 days prior to the expiration date of the certificate, as long as it has not been previously revoked. But how to know if we have little left for the certificate to expire? We follow these three steps:
- It is necessary to install the FNMT-RCM CONFIGURATOR.
- Request renewal. You must have the FNMT Natural Person Certificate installed in the browser from which you are going to request the renewal, authenticate yourself with it and obtain the request code that is sent at the end of this process in order to download the renewed certificate.
- Ddownload the certificate. Approximately 1 hour after requesting the renewal and using the request code sent to us by email, they will send us a link and we will be able to download and install the renewed certificate.