Some web pages use client certificates instead of usernames and passwords to verify user identities. A certificate is often packaged as a .p12 file, and must be installed in the browser before it can be used. How to install it depends on varies between browsers; some instructions for common browsers are below.

Note: in late 2009, a client-certificate-related vulnerability in the TLS protocol was discovered, and was later resolved by modifying the protocol itself. Some browsers, notably Safari and Internet Explorer (even newer versions), do not support the updated protocol, and will encounter problems when trying to authenticate with client certificates.

Firefox

  1. Open the preferences.
  2. Go to the "Advanced" section.
  3. Go the "Encryption" tab. A dialog will appear.
  4. Go to the "Your certificates" section.
  5. Click "Import..." and select the .p12 file.
  6. Enter the password that was set on the certificate.

Chrome

  1. Click the "wrench" icon to the right of the address bar and choose "Preferences" from the drop-down menu.
  2. Select "Under the Hood" in the left panel.
  3. Click "Manage Certificates..." (near the bottom). A Certificate Manager window will appear.
  4. Click "Import..." and select the .p12 file.
  5. Enter the password that was set on the certificate.

iPhone and IPad

See How to get a FOAF+SSL certificate to your iPhone, beginning at the paragraph that reads "Then just mail yourself that .p12 file...". (Note that the procedure described there applies to any SSL certificate, and not just ones used with FOAF+SSL.)

If a certificate is sent in an email to an IPad, it appear as an attachment. Tap on the attachment to review, "Settings" application opens, click "install" and input "admin" password if needed. The certificate should have a file format of .ca or .p12. See IPad for Business.

Safari on Mac OS

Similar to the procedure on the Iphone and Ipad certificate installation, if the certificate is attached to the email, simply click on the attachment and the 'Keychain Access" opens. Follow the instructions to install the certificate, typically stored by default under "login"

Additional instructions for Mac OS x

When emailing yourself the .p12 key from the Keychain Access in Mac OSx whether to use the certificate in another device, the certificate needs to be exported first as a file to a folder that you choose by right-clicking on the certificate. It will then request for a new password that is specific to the file.

In this process, when opening the .p12 file in the Iphone or Ipad, you will need to input that file-specific password in order to download and install the certificate. If the device has "admin" password, input it first and then the certificate specific password used initially when the file was exported from Keychain Access.

Additional instructions for Windows to a Mac device

If the credential is not available in your personal certificate store, you must add it before creating your profile. In addition, the private key must be marke as exportable, which is one of the steps off ered by the certificate import wizard. Note that adding root certificates requires administrative access to the computer, and the certificate must be added to the personal store.

Blackberry Messenger

A certificate can be emailed as an attachment to the device can be imported manually. For details on downloading the certificate from the certificate authority, go to the Blackberry Support Section.

Windows 7

Click the "Start" button, type certmgr.msc in the "Search" box, then press ENTER. Click the folder where you want the certificate, click the "Action" menu, point to "All Tasks", and click "Import". Click "Next" and follow instructions.

For a more detailed explanation, go to Windows Forum.

Windows XP

For the purpose of security, it is recommended to use Chrome and/or Firefox in older Windows versions. For details on importing a certificate in the Windows XP environment, go to Microsoft.

Android

Certificate credentials on the Android OS only works with VPN and secure WiFi certificates but does not work for client certificates on the browser. For updates on the progress of this issue, go to the Google forum.

The SandroB app in the Android marketplace tries to circumvent this issue. Please note that this app is still unproven and not well-rated.