HSM Attestation for EV Code Signing and PDF Document Signing
For EV code signing and PDF document signing certificates, your private keys must be generated and stored in a FIPS 140-2 level 2-certified device, such as a secure USB token or hardware security module (HSM).
For this reason, SSL.com usually issues its EV code signing and Business document signing certificates on YubiKey FIPS USB tokens. If you would like to install these types of certificates on a piece of hardware that you already own (or a cloud HSM service), we require proof that your private key was generated on the device before issuing any certificates. This process is known as attestation.
SSL.com currently offers automated attestation for YubiKey FIPS tokens. If you would like to order EV code signing or PDF document signing certificates for installation on another FIPS 140-2 Level 2 or higher certified device or cloud HSM service, please fill out and submit the form below. Our support staff will contact you about how we can help you prove attestation for private keys generated on the device. (Note that attestation for devices we do not currently support may incur fees for a remote witnessing procedure.)