eSIM Certificates

Digital public key certificates play an essential role within the GSMA Consumer, IoT and M2M remote provisioning solutions. This page details the esential certificates existing in the eSIM ecosystems for Consumer, M2M and IoT including GSMA Certificate Issuer (CI), Test Certificates operated by GSMA CI, Test Certificate Issuer Declaration and eIM Certificate Information.

GSMA Certificate Issuer (CI)

Specific requirements for mutual authentication make internet-focussed certificates unsuitable for the GSMA remote provisioning solutions. Instead, specific Public Key Infrastructure (PKIs) are defined for eSIM and M2M remote provisioning. GSMA PKIs enable eUICC and Subscription Management entities to identify and authenticate within the GSMA remote provisioning ecosystems, facilitating security and interoperability.

GSMA PKIs are managed by GSMA Certificate Issuers (CI); organisations recognised by GSMA as Certificate Authorities. GSMA CIs meet defined criteria (GSMA PRD SGP.28) and operate GSMA recognised certificate roots for certificate issuance, in line with the GSMA eUICC PKI Certificate Policy, GSMA PRD SGP.14.

GSMA PKI certificates can be used in eSIM and M2M product that:

The GSMA eSIM and M2M compliance processes provide the common means to demonstrate compliance to the specifications and thereby eligibility for a GSMA CI issued certificate.

Listed GSMA CIs

The following security certification partners are currently listed as GSMA Certificate Issuers:

Organisation Specifications CI Contact CI Website GSMA Root CI Certificate CRL Distribution Point

SGP.01 and SGP.02 All Versions

 Email Visit Download n/a

SGP.21 and SGP.22 Version 2


SGP.21 and SGP.22 Version 3


SGP.31 and SGP.32 Version 1

Email Visit Download  Download

SGP.21 and SGP.22 Version 2


SGP.21 and SGP.22 Version 3


SGP.31 and SGP.32 Version 1

Email Visit  Download

For further information, or to register an interest in providing PKI infrastructure for Remote SIM Provisioning, please contact the GSMA by sending email to [email protected].

Test Certificates operated by GSMA CI

In addition to operating Live Certificate roots for commercial product, the GSMA CIs also operate Test Certificate roots. These enabling product developers to request Test Certificates for interoperability testing with pre-compliant product.

Note:

Consumer: Test Certificate Issuer Declaration

For Consumer, GSMA maintains the Test Certificate Issuer Declarations that consists:

Process to declare the supported Test Certificates

If your company is interested to declare the Test Certificates that are supported. Please complete the Test Certificate Issuer Submission Form and send it to [email protected]

Once GSMA has processed the form, the company will be displayed below with the list of test certificates that its supports.

Test Certificates – Company list

Company Name Activation Code with GSMA Test CI   Self-Test Certificates – Test Root CI Certificate   Self-Test Certificates Signed Test EUM
Certificate
Self-Test Certificates
Signed Test SM-DP+
Certificate
Self-Test Certificates- Activation Code E-mail Contact
TelcoVillage Activation Code  Test Root CI Certificate Link  Test EUM Certificate Link  Test SM-DP+ Certificate Link   Activation Code Link NA
RedTea Mobile Activation Code  Test Root CI Certificate Link  Test EUM Certificate Link  Test SM-DP+ Certificate Link 1 Test SM-DP+ Certificate Link 2 Test SM-DP+ Certificate Link 3   Activation Code Link Email

Resources

Test Certificate Issuer Submission Form

Key Documents

GSMA eUICC PKI Certificate Policy, SGP.14
eSIM CI Registration Criteria, SGP.28
Remote SIM Provisioning for M2M
Remote SIM Provisioning for Consumer
Test Certificate definition, SGP.26

eUICC IoT Remote Manager – Certificate Information

If your company is interested to declare an TLS/DTLS and ECDSA Certificates used in its eIM products on the market, please send an emall at [email protected]

The table is not intended to list a GSMA eIM Compliant Product but it ONLY lists the Certificate Issuer Name associated to a specific eIM Product regardless of GSMA Compliance Program.

The list of GSMA eIM Compliant product is available for GSMA members only. For futher information on GSMA RSP Compliance Program, please contact [email protected].

eIM Company NameeIM Product Marketing NameCertificate Issuer NameeIM Email Contact
eIM Information on TLS/DTLS and ECDSA Certificates

The list above does not list all the eIM product on the market. This declaration is optional and is issued under the sole responsibility of the RSP Product Vendor named.