Technical checks for the operation of the electronic DNI
Skip information indexTechnical checks of the electronic DNI with Mozilla Firefox and Macintosh
The use of the electronic DNI is valid for online procedures. In addition to the ability to physically identify its holder, it allows identification in telematic media and also electronic signatures. In order to use it, it is necessary to have certain hardware and software elements that allow access to the card chip and, therefore, the use of the certificates contained therein.
When accessing a web page option that requires an electronic certificate, the browser must request the PIN and then display the certificate store so that the corresponding one can be chosen (authentication or signature). If this does not happen, it means that the browser or the DNIe are not correctly configured.
Browser settings and DNIe
To use the DNIe it is necessary to have a card reader that complies with the ISO-7816 and API PC/SC standards, that is properly connected to the computer and that the operating system recognizes it correctly.
In addition, it is necessary to install the appropriate software depending on the operating system used. The software can be downloaded from the download area of the official website of the DNI electronic card of the Ministry of the Interior. Also, check which version of the DNIe you are using: Version 3.0 is NOT considered compatible with Macintosh OS X versions lower than 10.9.
At www.dnielectronico.es access the link "Download area" and select "GNU/Linux and MacOS systems" .
Click on "Software for MacOS Systems".
Download and run the appropriate installer under the "Software for 64-bit Mac OS X systems" (Intel processor) or "Software for MacOS systems with ARM architecture (M1 chip)" sections. Follow the wizard's instructions to complete the process.
You can check your computer's processor type from "About This Mac."
Manually loading the module
Upon completion of the installation, the web browser opens with the guide to configure the cryptographic module in Firefox; Go to "Firefox", "Preferences", "Privacy and security", "Certificates" section, click on "Security devices".
Check that there is no security module and device of the DNIe previously installed as it may cause some type of conflict in the usability of the software.
If there is a DNIe module previously installed, select it and click "Download" to remove it from the list. If it does not allow you to download it, close Firefox, remove the electronic DNI from the reader and access Firefox again to try to download the device with the electronic DNI disconnected.
Then click "Upload". Give the module a name (for example " DNIe ") and navigate to the path using the "Browse" button. You can also manually specify the module path: Library/Libpkcs11-dnie/lib/libpkcs11-dnie.so (up to Mac 10.12 and in version 10.15) or Library/Libpkcs11-dnietif/lib/libpkcs11-dnietif.so. (the usual one since Mac 10.13). Click "OK".
If you get the error "Unable to add module", check that you have entered the module file path correctly, exit Firefox and disconnect the DNIe if it was entered. Please reopen Firefox and retry the process without having the DNIe connected.
If the module is loaded, the information box displays the following information:
- The status "Not present" means that the DNIe is not entered (or not correctly).
- Under "Description" and "Manufacturer" it shows technical information about the detected card reader
Close the browser again, enter the DNIe , reopen Firefox and click "Sign in".
Importing the root certificate in Mozilla Firefox
After installing the module, import the root certificate of DNIe from "Firefox", "Preferences", "Privacy and security", "Certificates", "View certificates". In the "Authorities" tab, click "Import" and manually enter the path to the root certificate: /Library/Libpkcs11-dnie/share/ac_raiz_dnie.crt
In the window that appears next, check the two trust boxes and click "OK".
Sign in to Mozilla Firefox
To use the DNIe it is recommended to log in to Mozilla Firefox, thus avoiding identification problems. To do this, enter the DNIe and open Firefox with it connected. Then go to "Preferences", "Privacy and security", "Certificates", "Security devices".
Select the loaded module and click "Login", enter the password or PIN and, if everything is correct, the text "Session started" will appear in the "Value" column.
After checking that the DNIe is correctly installed, it is necessary to verify that it works correctly . To check if the electronic DNI is valid and correct, access the FNMT page in the "Obtain / Renew your Digital Certificate" option.
Note: If when clicking on "Obtain/Renew your Digital Certificate" you get the error "Your connection is not secure" it means that the AC ROOT FNMT -RCM certificate is not installed. To access this case, click on "Advanced", "Add exception...". Then install the certificate AC ROOT FNMT
Next, in the left side menu, select "Individual", click on "Check Status" and then "Request Verification".
If the DNIe is recognized correctly, it displays the authentication certificate. Click "Accept".
After identification, the status of the certificate is displayed. The certificate is correct when its status is "Valid and not revoked". It is not possible to use the DNIe if it is expired, revoked or inactive for any other reason.
If you still do not advance to the next screen after entering the PIN correctly or a "Page cannot be displayed" message appears, the PIN is probably blocked.
Until validation (authentication and signature) is completed successfully, the DNIe will not work on our website.