Certicom Device CA PDF Print E-mail

Certicom’s certificate-based authentication quickly and efficiently prevents unauthorized devices from accessing restricted services.

With the Certicom Device Certificate Service, device manufacturers order certificates in bulk by providing Certicom with a list of MAC addresses or unique device IDs for the certificates. The manufacturers may either supply Certicom with pre-generated public-keys, or may allow Certicom to generate the private-public key pairs for the certificates. Certicom then securely returns the issued certificates encrypted to the manufacturers.

Certification Authority (CA) Management

The Certicom Device Certificate Service includes design and establishment of the CA structure for the right trust hierarchy, and (optionally) the corresponding Certificate Policy (CP) and Certificate Practices Statements (CPS) for the establishment and operation of the PKI system. The root CA represents the highest level of PKI trust for its sub-CAs and the device certificates issued. As such, it is critical that it resides in a highly secure hardware storage and facility environment. Certicom uses a proven, secure, auditable process to design, create, and store the root CA and its sub-CAs at its secure data center.

Optional Certificate Revocation Service

Certificate status checking is required when a relying party needs to verify the status of a certificate used for the authentication process. If your PKI application requires real-time certificate status checking besides the trust validation of the certificate chain, you may choose to subscribe to Certicom’s certificate status validation service via Certificate Revocation List (CRL). Specifically, the relying party (via the PKI application) checks the corresponding CRL specified in the certificate to see if the certificate in question is listed in the CRL. If it is, the certificate is deemed “revoked” and hence wouldn’t be trusted.

With Certicom Device Certificate Service, certificate revocation is a simple process. The Device Certificate Service administrator logs into the Web portal and uploads a revocation request file containing a list of certificate serial numbers to be revoked.


Certicom Corp.'s Self-Signed CA

Issuer: CN=Certicom sect163k1 ROOT CA,O=Certicom Corp,C=CA
Subject: CN=Certicom sect163k1 ROOT CA,O=Certicom Corp,C=CA

Certicom Corp.'s ZigBee Smart Energy Profile CA

Issuer: CN=Certicom sect163k1 ROOT CA,O=Certicom Corp,C=CA
Subject: CN=Certicom sect163k1 ZigBee CA,O=Certicom Corp,C=CA

Certicom Corp.'s Corporate Identity CA

Issuer: CN=Certicom sect163k1 ROOT CA,O=Certicom Corp,C=CA
Subject: CN=Certicom sect163k1 Corporate Identity CA,O=Certicom Corp,C=CA

Certicom Corp.'s corporate identity certificate

Issuer: CN=Certicom sect163k1 Corporate Identity CA,O=Certicom Corp,C=CA
Subject: CN=Certicom Corp sect163k1 ZigBee Corporate Identity,O=Certicom Corp,OU=TrustPoint,C=CA