GSMA Certificate Issuer (CI)

Digital public key certificates play an essential role within the GSMA eSIM and M2M remote provisioning solutions.

Specific requirements for mutual authentication make internet-focussed certificates unsuitable for the GSMA remote provisioning solutions. Instead, specific Public Key Infrastructure (PKIs) are defined for eSIM and M2M remote provisioning. GSMA PKIs enable eUICC and Subscription Management entities to identify and authenticate within the GSMA remote provisioning ecosystems, facilitating security and interoperability.

GSMA PKIs are managed by GSMA Certificate Issuers (CI); organisations recognised by GSMA as Certificate Authorities. GSMA CIs meet defined criteria (GSMA PRD SGP.28) and operate GSMA recognised certificate roots for certificate issuance, in line with the GSMA eUICC PKI Certificate Policy, GSMA PRD SGP.14.

GSMA PKI certificates can be used in eSIM and M2M product that:

  • Meet the requirements of GSMA’s technical specifications for remote provisioning and
  • have demonstrated both functional and security compliance to the GSMA specifications.

The GSMA eSIM and M2M compliance processes provide the common means to demonstrate compliance to the specifications and thereby eligibility for a GSMA CI issued certificate.

  • Click here for more detail on the GSMA eSIM and M2M compliance processes.

Listed GSMA CIs

The following security certification partners are currently listed as GSMA Certificate Issuers:

Organisation Specifications CI Contact CI Website GSMA Root CI Certificate CRL Distribution Point
SGP.01 and SGP.02  Email Visit Download n/a
SGP.21 and SGP.22 Email Visit Download  Download

For further information, or to register an interest in providing PKI infrastructure for Remote SIM Provisioning, please contact the GSMA by sending email to RootCAs@gsma.com.

Test Certificates operated by GSMA CI

In addition to operating Live Certificate roots for commercial product, the GSMA CIs also operate Test Certificate roots. These enabling product developers to request Test Certificates for interoperability testing with pre-compliant product.

  • Apply directly to the CI for Test Certificates using the individual CI contact details above.

Note:

  • Test certificates are not interoperable with live production certificates.
  • PKIs from eSIM (consumer) and M2M are not interchangeable, reflecting the different ecosystems.

Consumer: Test Certificate Issuer Declaration

For Consumer, GSMA maintains the Test Certificate Issuer Declarations that consists:

  • A list of providers which support the test root certificate operated by GSMA CI, along with a list of the services they support using the test root certificate issuer.
  • A list of alternate self-signed root test certificate issuers, along with SM-DP+ servers that support them.

Process to declare the supported Test Certificates

If your company is interested to declare the Test Certificates that are supported. Please complete the Test Certificate Issuer Submission Form and send it to TestCICertificates@gsma.com

Once GSMA has processed the form, the company will be displayed below with the list of test certificates that its supports.

Resources

Test Certificate Issuer Submission Form

Key Documents

GSMA eUICC PKI Certificate Policy, SGP.14
eSIM CI Registration Criteria, SGP.28
Remote SIM Provisioning for M2M
Remote SIM Provisioning for Consumer
Test Certificate definition, SGP.26