HSM Attestation for EV Code Signing and PDF Document Signing
To order EV code signing and PDF document signing certificates from SSL.com, your private keys must be generated and stored in a FIPS 140-2 Level 2 (or higher) certified device, such as a secure USB token or hardware security module (HSM).
For this reason, SSL.com ships EV code signing and Business Identity document signing certificates to customers on YubiKey FIPS USB tokens. For any other HSM hardware or service (including customer-owned YubiKeys), we require proof that your private key was generated on the device before issuing any certificates. This process is known as attestation.
SSL.com currently offers automated attestation for YubiKey FIPS tokens, and has attestation procedures in place for AWS CloudHSM and Azure Dedicated HSM. At the present time, we do not offer document signing and EV code signing certificates for installation on other HSM cloud services or hardware.
SSL.com is currently developing and testing attestation procedures for a wide range of HSM platforms. If you are interested in ordering EV code signing or PDF document signing certificates from SSL.com for installation on an HSM that we do not currently support, and want to stay updated on platforms that SSL.com supports, please fill out and submit the form below.