Digital public key certificates play an essential role within the GSMA eSIM and M2M remote provisioning solutions.
Specific requirements for mutual authentication make internet-focussed certificates unsuitable for the GSMA remote provisioning solutions. Instead, specific Public Key Infrastructures (PKIs) are defined for eSIM and M2M remote provisioning. GSMA PKIs enable eUICC and Subscription Management entities to identify and authenticate within the GSMA remote provisioning ecosystems, facilitating security and interoperability.
GSMA PKIs are managed by GSMA Certificate Issuers (CIs): organisations recognised by GSMA as Certificate Authorities. GSMA CIs meet defined criteria (GSMA PRD SGP.28) and operate GSMA-recognised certificate roots for certificate issuance, in line with the GSMA eUICC PKI Certificate Policy, GSMA PRD SGP.14.
GSMA PKI certificates can be used in eSIM and M2M products that:
- meet the requirements of GSMA's technical specifications for remote provisioning, and
- have demonstrated both functional and security compliance to the GSMA specifications.
The GSMA eSIM and M2M compliance processes provide the common means to demonstrate compliance to the specifications and thereby eligibility for a GSMA CI issued certificate.
- Click here for more detail on the GSMA eSIM and M2M compliance processes.
Listed GSMA CIs
The following security certification partners are currently listed as GSMA Certificate Issuers:
|Organisation||Specifications||CI Contact||CI Website||GSMA Root CI Certificate||CRL Distribution Point|
|SGP.01 and SGP.02||Visit||Download||n/a|
|SGP.21 and SGP.22||Visit||Download||Download|
For further information, or to register an interest in providing PKI infrastructure for Remote SIM Provisioning, please contact the GSMA by sending an email to RootCAs@gsma.com.
Test Certificates operated by GSMA CI
In addition to operating Live Certificate roots for commercial product, the GSMA CIs also operate Test Certificate roots. These enable product developers to request Test Certificates for interoperability testing with pre-compliant product.
- Apply directly to the CI for Test Certificates using the individual CI contact details above.
- Test certificates are not interoperable with live production certificates.
- PKIs from eSIM (consumer) and M2M are not interchangeable, reflecting the different ecosystems.
Consumer: Test Certificate Issuer Declaration
For Consumer, GSMA maintains the Test Certificate Issuer Declaration, which consists of:
- A list of providers which support the test root certificate operated by GSMA CI, along with a list of the services they support using the test root certificate issuer.
- A list of alternate self-signed root test certificate issuers, along with SM-DP+ servers that support them.
Process to declare the supported Test Certificates
Once GSMA has processed the form, the company will be displayed below with the list of test certificates that it supports.
Test Certificates – Company list
|Company Name||Activation Code with GSMA Test CI||Self-Test Certificates – Test Root CI Certificate||Self-Test Certificates – Signed Test EUM||Signed Test SM-DP+||Self-Test Certificates – Activation Code||E-mail Contact|
|TelcoVillage||Activation Code||Test Root CI Certificate Link||Test EUM Certificate Link||Test SM-DP+ Certificate Link||Activation Code Link||NA|
|RedTea Mobile||Activation Code||Test Root CI Certificate Link||Test EUM Certificate Link||Test SM-DP+ Certificate Link 1, Test SM-DP+ Certificate Link 2, Test SM-DP+ Certificate Link 3||Activation Code Link|