Digital public key certificates play an essential role within the GSMA eSIM and M2M remote provisioning solutions.
Specific requirements for mutual authentication make internet-focussed certificates unsuitable for the GSMA remote provisioning solutions. Instead, specific Public Key Infrastructure (PKIs) are defined for eSIM and M2M remote provisioning. GSMA PKIs enable eUICC and Subscription Management entities to identify and authenticate within the GSMA remote provisioning ecosystems, facilitating security and interoperability.
GSMA PKIs are managed by GSMA Certificate Issuers (CI); organisations recognised by GSMA as Certificate Authorities. GSMA CIs meet defined criteria (GSMA PRD SGP.28) and operate GSMA recognised certificate roots for certificate issuance, in line with the GSMA eUICC PKI Certificate Policy, GSMA PRD SGP.14.
GSMA PKI certificates can be used in eSIM and M2M product that:
- Meet the requirements of GSMA’s technical specifications for remote provisioning and
- have demonstrated both functional and security compliance to the GSMA specifications.
The GSMA eSIM and M2M compliance processes provide the common means to demonstrate compliance to the specifications and thereby eligibility for a GSMA CI issued certificate.
- Click here for more detail on the GSMA eSIM and M2M compliance processes.
In addition to operating Live Certificate roots for commercial product, the GSMA CIs also operate Test Certificate roots. These enabling product developers to request Test Certificates for interoperability testing with pre-compliant product.
- Apply directly to the CI for Test Certificates using the individual CI contact details below.
- Test certificates are not interoperable with live production certificates
- PKIs from eSIM (consumer) and M2M are not interchangeable, reflecting the different ecosystems.
Listed GSMA CIs
The following security certification partners are currently listed as GSMA Certificate Issuers:
|Organisation||Specifications||CI Contact||CI Website||GSMA Root CI Certificate||CRL Distribution Point|
|SGP.01 and SGP.02||Visit||Download||n/a|
|SGP.21 and SGP.22||Visit||Download||Download|
For further information, or to register an interest in providing PKI infrastructure for Remote SIM Provisioning, please contact the GSMA by sending email to RootCAs@gsma.com.