Good practices if you are a holder of an idCAT Certificate

Digital certificates allow us to interact electronically in a secure way because they prove our identity. Their use is equivalent to a handwritten signature.

The use of digital certificates has become widespread among citizens in recent years, thus increasing the likelihood of identity theft.

As the holder of your digital certificate, you are responsible for the use that is made of it. It is important to remember that a digital certificate is personal and non-transferable, it is your "self" on the network and it is important that you follow good practices to avoid fraudulent use or impersonation of your identity.

Recommendations and good practices

1. Obtaining the certificate:

It is very important that you select a trusted digital service provider in accordance with the eIDAS Regulation because it is the only one that guarantees security and data protection standards.

The AOC Consortium is a trusted provider recognized by the Ministry for Digital Transformation and Public Service. AOC issues, among others, the idCAT Certificate for citizens.

You can find more information at:

• How to obtain the idCAT Certificate
• Other qualified digital certificates

2. Download and install the idCAT Certificate

• Before installing your idCAT Certificate, check that your computer's operating system is up to date (this is a way to avoid possible security gaps).
• Do not download or install it in a call center or other place with shared computers.
• Protect the idCAT Certificate with a user PIN enabling secure protection of the private key during installation.
• When you finish the installation, save your idCAT Certificate file in a safe place. Avoid saving it on a shared computer, USB or hard drive without a password.
• Install it on your computer in your individual password-protected session.
• Delete the certificate file if you change computers.

You can find more information at:

• How to download and install the idCAT Certificate
• How to protect the idCAT Certificat with a PIN

3. Custody and use of the idCAT Certificate

• We recommend that you set an alert (email or mobile) to renew your certificate. It expires 4 years after its issuance.
• Do not leave your idCAT Certificate with a third party. Remember, you are responsible for its use.
• If you detect that someone is misusing your certificate, revoke it as quickly as possible.

You can find more information at:

• How do I renew my idCAT Certificate?
• How do I revoke my idCAT Certificate?
• Can the agency ask for my idCAT Certificate?