SSL.com allows customers who are requesting Code Signing or Adobe Approved Trust List (AATL) Document Signing certificates to use an independent qualified auditor of their choice to attest that the customer’s private key was generated and is stored securely in a compliant Hardware Security Module (HSM). SSL.com refers to this process as “ BYOA” is a term we made up.
With BYOA, the customer provides SSL.com with:
- The Certificate Signing Request (CSR) generated by the HSM.
- Confirmation from an independent qualified auditor, approved by SSL.com, that the key pair was generated and is stored in a hardware crypto module certified to at least FIPS 140-2 Level 2 or equivalent under an approved operating environment.
This guide details the BYOA process, auditor requirements, key ceremony guidelines, and provides a form letter template for the auditor attestation.
Auditor Requirements and Approval
To perform the BYOA attestation, the independent auditor must be pre-approved by SSL.com. SSL.com evaluates auditors based on the following criteria:
- Technical competency: The auditor must have expertise in the field of digital certification and cybersecurity.
- Auditing qualifications: The auditor must hold a recognized auditing certification or qualification, such as being a WebTrust/ETSI auditor or having a Cloud Security Alliance CCAK.
- Code of ethics: The auditor must be bound by a professional code of ethics, typically through membership in a professional organization.
- Verifiable credentials: SSL.com must be able to verify the auditor’s credentials through public sources like an auditor registry.
If a customer’s preferred auditor is not already approved, the auditor can submit their qualifications to SSL.com for review against these criteria. SSL.com maintains a public list of pre-approved auditors for customers’ reference.
Key Generation Ceremony Guidelines
For the BYOA process, the auditor must witness the Key Generation Ceremony and confirm the following in their signed attestation letter:
- The private key was generated in a hardware crypto module that is certified to at least FIPS 140-2 Level 2 or equivalent.
- The HSM is operating in at least FIPS 140-2 Level 2 mode.
- Genuine, vulnerability-free HSM hardware and firmware were used.
- All communications with the HSM during key generation were authenticated and encrypted.
- The private key was generated inside the HSM and was never imported or exported.
- The private key is marked as non-extractable and sensitive, in compliance with PKCS#11 standards.
- User authentication is required for all access to the private key.
- The HSM’s operating environment has security controls equivalent to FIPS 140-2 Level 2 or higher.
- The auditor was present for the entire key generation ceremony and process with no indications of compromise.
SSL.com provides guidance on ceremony preparations, a detailed ceremony script, and the auditor attestation letter template to ensure all requirements are met.
Subscriber Obligations
As part of the BYOA process, SSL.com must obtain a contractual representation from the Subscriber that they will use one of the following methods to generate and protect their Code Signing Certificate private keys in a hardware crypto module with a design certified to at least FIPS 140-2 Level 2:
- SSL.com provides the Subscriber with a suitable HSM with one or more key pairs pre-generated by SSL.com.
- The Subscriber provides a report confirming the use of a compliant cloud-based key protection solution and HSM.
- An auditor approved by SSL.com, with IT and security training, witnesses and provides a report on the key pair generation in a compliant HSM.
- The Subscriber is using a Signing Service that meets the requirements detailed in the Baseline Requirements section 6.2.7.2.
Auditor Attestation Form Template
SSL.com provides a template for the auditor’s attestation form detailing the key points that must be addressed. The template is available for download here.
The auditor attestation form must be signed by the auditor performing the ceremony witness. Submissions without signatures or from auditors not approved by SSL.com will be rejected.
Conclusion
The BYOA process allows SSL.com customers to utilize an auditor of their choice for key generation attestation, providing more flexibility compared to CA-managed attestation, while still upholding the security standards required for Code Signing and Document Signing certificates through rigorous auditor vetting and ceremony criteria.
Customers interested in BYOA for their Code Signing or Document Signing certificate needs should ensure their selected auditor meets SSL.com’s qualification criteria and is approved before proceeding. SSL.com’s validation team is available to answer any questions and provide guidance throughout the BYOA preparation and execution process.
For more information or to initiate the BYOA process, please contact SSL.com support at support@ssl.com.
