The below method has been tested using Android 11 and Google Chrome. Google Chrome is already installed on phones and tablets running Android 5.0+.
Browsers like Firefox and DuckDuckGo can download the certificate, but cannot access Android's keystore, and as such, you will need to authenticate to Touchstone using your Kerberos username and password. This also applies to apps like MIT Atlas and MIT Mobile.
Keep the "Certificate Life" field set to its default value and press "Next >>" to receive the error "Your browser failed to generate a key." This is expected behavior.
To learn more about this error, see Certificate Renewal Troubleshooting .
Create a password for the certificate file that will be used for installation (in Step 7 below). Enter this new password in the "Import Password" and "Re-enter Password" fields, then press "Next >>."
The certificate file should automatically download at this page. It can be found in your "Downloads" folder on your phone or in the notification tray by swiping down from the top of the screen.
Once you've found the file, click on it and type the password you created earlier in the below prompt, then press "OK."
Choose "VPN & app user certificate" and press "OK."
Keep the default name for the certificate and press "OK."
You will get a prompt reading "User Certificate installed," meaning you've successfully installed your certificate.
Checking Certificate Installs and Removing Old Certificates
To check if the certificate is installed, navigate to your user credentials using the path below. There you will see the certificates installed on the device.
Jul 26, 2021
Susan Riley Hart
On my Samsung Galaxy S10e running Android 11, the path to the setting where you can view a certificate is different:
Settings > Biometrics and security > Other security settings > User certificates