• It is an electronic document issued by a Certifying Authority and identifies a person (physical or legal) with a pair of keys.
• It's on mission. validate and certify an electronic signature corresponds to a specific person or entity.
• It contains the information needed to sign electronically and identify your owner with your details: name, NIF, algorithm and signature keys, expiration date and issuing body.
• The Marketing Authorisation Holder and Manufacturer Certification Authority gives faith that the electronic signature corresponds to a individual user. That is why certificates are signed, in turn, by the Certification Authority.

In a Certificate, the digital keys are the essential elements for signature and identification of the signatory. There are two keys, the private key and public keyand work in a complementary way. What encrypts or encrypts one key can only decipher or decode the other.

The difference between them is that the private key is designed so that it never leaves the certificate and is always under the control of the signatory. Instead, the public key can be distributed or sent to other users.

At times, we talk about Private Certificate to refer to the certificate containing the private and public key and the Public Certificate to refer to the certificate containing only the public key.

Important: If you send your certificate to a third party, make sure it is the public certificate (which contains only the public key). For more information on how to export a certificate, go to the section Browsers and Computer.

Getting the Digital Certificate depends on whether the certificate is contained on a card, such as the DNIe, or whether the certificate is stored in a software file.

In both processes, there is a step that is the identification of the person responsible or user of the certificate, which requires him to be present at the offices of a Registration Authority. These offices corroborate identity.

In the case of software certificates, the user’s own browser creates the keys. But, in the Card Certificate, who creates and introduces the keys is the Certification Provider.

• Obtaining Certificate on Card (DNIe)

  The certificates contained in cards must be delivered directly to the user.

  In the specific case of the DNIe, it is necessary to be present at the offices of the Directorate-General for Police, which is the Certifying Authority. In the section of the Electronic ID you can see the concrete steps to obtain them.

• Application for a software certificate.

  The request and download of the Certificate are made from the browser.

You can find a list of Certification Providers in this page.

Electronic Certificates have a past validity period that is neither used to sign nor to identify themselves.

Each Certification Provider sets deadlines before the certificate expires in order to be able to renew it without any other identification. In the case of FNMT certificates, they have a validity of 36 months and can be renewed for 2 months before expiry.

The Certificates included in the cardDNIeare valid for30 months(although the DNIe card may be valid for up to 10 years depending on the age of the person). Here you will find more information abouthow to renew your DNIe Certificates.

If the Certificate expires, the entire process of applying for the certificate must be carried out again. However, a certificate can be renewed before it expires and the process does not require a new application.

You caninvalidate your Certificatebefore it expires for safety reasons.

These are the main reasons for revocation of a Certificate:

• Voluntary request from the Subscriber.
• Loss or damage to the Certificate Holder.
• Death of the subscriber or his representative, total or partial incapacity of any of them.
• Completion of the representation or termination of the represented entity.
• Inaccuracies in the data provided by the subscriber for obtaining the certificate.
• That the keys of the Subscriber or the Certifying Authority are found to have been compromised.
• Once revoked, the certificate can no longer be reactivated and it is necessary to restart the entire application process.

In order to revoke the Certificates, it must be the Certifying Authority itself that provides the procedure, which is normally published on its website.

For example, the revocation of a certificate issued by the National Currency and Stamp Factory (FNMT) can take place in three ways:

• ViaInternet: if the holder of the certificate or his representative, in the case of entities, is in possession of the certificate.
• In patients with chronic hepatitis C,Accreditation Office: if the holder of the certificate or representative does not have it for loss, loss or theft, he must be present at one of these Accreditation Offices in order, once identified, to sign the model application for revocation of the certificate. The Accreditation Offices transmit the records processed to the FNMT daily for the FNMT to revoke the certificate.
• By telephone: 902 200 616. This option should only be used in cases where you are unable to move to an Accreditation Office or where it is not possible to revoke the certificate online.

In the case ofDNIeyou must present at any timeDispatch Officethe DNIe to revoke the Certificate. The revocation isimmediatethe processing of each application verified as valid.