The Electronic Certificates

• It is an electronic document issued by a Trusted Service Provider and identifies a person (physical or legal) with a key pair.
• Its mission is to validate and certify that an electronic signature corresponds to a specific person or entity.
• It contains the necessary information to sign electronically and identify its owner with its data: name, NIF, algorithm and signature keys, expiration date and agency that issues it.
• The Trust Service Provider attests that the electronic signature corresponds to a specific user. That is why the certificates are signed, in turn, by the Trusted Service Provider.
• Qualified electronic certificate is referred to if it meets the requirements established by the legislation, is issued by a qualified trust service provider and guarantees a high level of security and authenticity, the legislation being Regulation (EU) 910/2014, known as the eIDAS Regulation, and Law 6/2020, of 11 November, regulating certain aspects of electronic trust services. supplementing the eIDAS Regulation in Spain.

In a Certificate, the digital keys are theEssential elements for signature and identificationof the signatory. There are two keys, theprivate keyandpublic key, and work in a complementary way. What encrypts or encodes one key can only be decrypted or decoded by the other.

The difference between them is that the private key is designed so that it never leaves the certificate and is always under the control of the signer. Instead, the public key can be shared or sent to other users.

Sometimes, people talk aboutPrivate Certificateto refer to the certificate containing the private key and the public key and thePublic Certificateto refer to the certificate that only contains the public key.

Important: If you send your certificate to a third party, make sure it is the public certificate (which contains only the public key). For more information on exporting a certificate, go to the sectionBrowsers and Computer.

Since October 2, 2016, with the entry into force of Article 14 of Law 39/2015, of October 1, on the Common Administrative Procedure of Public Administrations, they are obliged to relate through electronic means to the Public Administrations for the completion of any procedure of an administrative procedure, at least the following subjects that may fall within the categories of SMEs and self-employed or self-employed:

1. The legal persons.
2. Entities without legal personality.
3. Those who carry out a professional activity for which compulsory membership is required, for the procedures and actions they carry out with the Public Administrations in the exercise of that professional activity. In any case, within this collective will be understood as including notaries and registrars of the property and mercantiles.
4. Those who represent an interested party who is obliged to interact electronically with the Administration.

For this relationship it is necessary to use identification systems of the interested parties in the procedure (article 9 of Law 39/2015) and signature systems admitted by the Public Administrations (article 10 of the same).

Among the supported identification and signature systems are those based on qualified electronic certificates of electronic signature issued by providers included in the "Trusted List of Certification Service Providers", and to use these systems it is necessary that the subject has the corresponding qualified electronic certificate of electronic signature.

To accredit the representation it is necessary to have a qualified electronic certificate of electronic signature issued to natural persons as a representative.

Depending on each service provider, different representative certificates are offered for use in their relations with public administrations, entities and bodies. Among the most common are the following:

• Representative of Legal Person. A natural person is issued as a representative of a legal person.
• Representative of an Entity without Legal Personality. It is issued to a natural person as a representative of an entity without legal personality.

To have the certificate, the subject must follow the steps indicated by the service provider and comply with the technical requirements necessary to request and install the certificate on his equipment.

You can consult in the following link all the providers included in the "Trusted list of certification service providers", and for each of them obtain their website where you can consult steps, requirements and prices when appropriate:

Obtaining the Digital Certificate depends on whether the certificate is contained on a card, or whether the certificate is stored in a software file.

In both processes there is a step that is the identification of the person responsible for or user of the certificate, which requires that the certificate be placed in the offices of a Registration Authority. These offices corroborate the identity.

In the case of software certificates, the user’s own browser creates the keys. But, in the Card Certificate, the person who creates and introduces the keys is the Certification Provider.

• Obtaining a Certificate on card

  The certificates contained in cards must be delivered directly to the user.

• Application for software certificate.

  The request and download of the Certificate are made from the browser.

  A list of providers that issue electronic certificates in Spain can be found in the following page.

Electronic Certificates have a period of validity after which they do not serve to sign or to identify themselves.

Each Certification Provider sets deadlines before the certificate expires in order to renew it without the need for another identification. In the case of FNMT certificates, they are valid for 36 months and can be renewed for 60 days prior to their expiry.

If the Certificate expires, the entire certificate application process must be performed again. However, a certificate can be renewed before it expires and the process does not require a new request.

You can invalidate your Certificate before it expires for security reasons.

These are the main reasons for revoking a Certificate:

• Subscriber’s Voluntary Request
• Loss or damage to the support of the Certificate
• Death of the subscriber or his/her representative, total or partial disability of any of them
• Termination of the representation or extinction of the represented entity
• Inaccuracies in the data provided by the subscriber to obtain the certificate
• It is detected that the keys of the Subscriber or the Certification Authority have been compromised
• Once revoked, the certificate can no longer be reactivated and it is necessary to restart the entire application process.

To revoke the Certificates, it must be the Certification Authority itself that provides the procedure, which is normally published on its website.

For example, the revocation of a certificate issued by the National Currency and Stamp Factory (FNMT) can be done in three ways:

• Through the Internet: if the holder of the certificate or his representative, in case of entities, are in possession of it.
• In the Accreditation Office: if the holder of the certificate or representative does not have it for loss, loss or theft, he must appear in one of these Accreditation Offices to, once identified, sign the application form for revocation of the certificate. The Accreditation Offices transmit the processed records daily to the FNMT for the revocation of the certificate.
• By phone: 902 200 616. This option should only be used in cases where you could not travel to an Accreditation Office or it was not possible to revoke the certificate online.