
In a Certificate, the digital keys are the essential elements for signature and identification of the signatory. There are two keys, the private key and public keyand work in a complementary way. What encrypts or encrypts one key can only decipher or decode the other.
The difference between them is that the private key is designed so that it never leaves the certificate and is always under the control of the signatory. Instead, the public key can be distributed or sent to other users.
At times, we talk about Private Certificate to refer to the certificate containing the private and public key and the Public Certificate to refer to the certificate containing only the public key.
Important: If you send your certificate to a third party, make sure it is the public certificate (which contains only the public key). For more information on how to export a certificate, go to the section Browsers and Computer.
Getting the Digital Certificate depends on whether the certificate is contained on a card, such as the DNIe, or whether the certificate is stored in a software file.
In both processes, there is a step that is the identification of the person responsible or user of the certificate, which requires him to be present at the offices of a Registration Authority. These offices corroborate identity.
In the case of software certificates, the user’s own browser creates the keys. But, in the Card Certificate, who creates and introduces the keys is the Certification Provider.
The certificates contained in cards must be delivered directly to the user.
In the specific case of the DNIe, it is necessary to be present at the offices of the Directorate-General for Police, which is the Certifying Authority. In the section of the Electronic ID you can see the concrete steps to obtain them.
The request and download of the Certificate are made from the browser.
You can find a list of Certification Providers in this page.
Important Note: You should use the same browser throughout the process, from the application to the final download of the certificate.
Electronic Certificates have a past validity period that is neither used to sign nor to identify themselves.
Each Certification Provider sets deadlines before the certificate expires in order to be able to renew it without any other identification. In the case of FNMT certificates, they have a validity of 36 months and can be renewed for 2 months before expiry.
Important note:
All process of renewal of a certificate, from the renewal application to the final unloading, to be carried out from the same browser on which it is installed.
The Certificates included in the cardDNIeare valid for30 months(although the DNIe card may be valid for up to 10 years depending on the age of the person). Here you will find more information abouthow to renew your DNIe Certificates.
If the Certificate expires, the entire process of applying for the certificate must be carried out again. However, a certificate can be renewed before it expires and the process does not require a new application.
You can see if your certificate is expired using the service Invented name of the Ministry of Finance and Public Administrations.
You can also check it directly in your browser, in the options or tools menu. In the web section Browsers and computer We tell you how.
You caninvalidate your Certificatebefore it expires for safety reasons.
These are the main reasons for revocation of a Certificate:
In order to revoke the Certificates, it must be the Certifying Authority itself that provides the procedure, which is normally published on its website.
For example, the revocation of a certificate issued by the National Currency and Stamp Factory (FNMT) can take place in three ways:
In the case ofDNIeyou must present at any timeDispatch Officethe DNIe to revoke the Certificate. The revocation isimmediatethe processing of each application verified as valid.