Good practices if you hold a Certified idCAT

Digital certificates allow us to relate electronically securely because they prove our identity. Its use is equivalent to a handwritten signature.

The use of digital certificates has become widespread among citizens in recent years, thus increasing the likelihood of identity theft.

As the holder of your digital certificate, you are responsible for its use. It must be remembered that a digital certificate is personal and non-transferable, it is your "I" on the network and it is important that you follow good practices to avoid fraudulent use or impersonation of your identity.

Recommendations and best practices

1. Obtaining the certificate:

It is very important that you select a trusted digital service provider in accordance with the eIDAS Regulation because it is the only one that guarantees security and data protection standards.

The AOC Consortium is a trusted supplier recognized by the Ministry for Digital Transformation and Public Service. The AOC issues, among others, the idCAT Certificate for citizens.

You have more information at:

• How to obtain the idCAT Certificate
• Other qualified digital certificates

2. Download and install the idCAT Certificate

• Before installing your idCAT Certificate, check that your computer's operating system is up-to-date (this is a way to avoid potential security holes).
• Do not download or install it in a newsroom or other location with shared computers.
• Protect the Certificated idCAT with a PIN of use enabling secure protection of the private key during installation.
• When you finish the installation, save the file of your idCAT Certificate in a safe place. Avoid saving it to a shared computer, USB or hard drive without a password.
• Install it on your computer in your individual password-protected session.
• Delete the certificate file if you change computers.

You have more information at:

• How to download and install the idCAT Certificate
• How to protect the idCAT Certificate with a user pin

3. Custody and use of the idCAT Certificate

• We recommend that you set an alert (by mail or mobile phone) to renew your certificate. It expires after 4 years from its issue.
• Do not leave your idCAT Certificate to a third party. Remember, you are responsible for how you use it.
• If you detect that someone is misusing your certificate, revoke it as quickly as possible.

You have more information at:

• How do I renew my idCAT Certificate?
• How do I revoke my idCAT Certificate?
• Can the management ask me for my idCAT Certificate?