To provision the certificates and the private key to the nRF91 Series modem, complete the following steps:

1. `Download nRF Connect for Desktop`_.
#. Update the modem firmware on the onboard modem of the nRF91 Series device to the latest version by following the steps in :ref:`nrf9160_gs_updating_fw_modem`.
#. Build and program the :ref:`at_client_sample` sample to the nRF91 Series device as explained in :ref:`building` and :ref:`programming`.
#. Launch the `Cellular Monitor`_ application, which is part of `nRF Connect for Desktop`_.
#. Click :guilabel:`CERTIFICATE MANAGER` located at the upper right corner.
#. Copy the server root certificate into the ``CA certificate`` entry.
#. Copy and paste the device certificate and the private key into the respective entries (``Client certificate``, ``Private key``).
#. Select a desired security tag (any positive integer in the range of 0 to 2147483647) and click :guilabel:`Update certificates`.

.. important::
   The default security tag set by the **CERTIFICATE MANAGER** *16842753* is reserved for communications with :ref:`lib_nrf_cloud`.
   Overwriting this security tag entry will require you to flash new certificates if you want to establish a connection to the nRF Cloud.
