Matter DAC
Matter DAC
Give every device its own cryptographic identity, required for Matter certification
The Matter Device Attestation Certificate (DAC) is a per-device identity certificate mandatory for every device seeking Matter certification. Issued by SSL.com, a CSA-authorized Product Attestation Authority (PAA).
What is a Matter DAC?
The Matter standard requires every certified device to carry a Device Attestation Certificate: a unique X.509 certificate issued during manufacturing that cryptographically identifies the device unit.
When a consumer sets up a Matter device (Apple Home, Google Home, Amazon Alexa, SmartThings), the controller requests the device's DAC and verifies its chain of trust back to the CSA Device Attestation Root. Devices without a valid DAC are rejected.
SSL.com is a CSA-authorized Product Attestation Authority: SSL-issued DACs are recognized by all Matter-compatible controllers.
How Matter DAC issuance works
Manufacturing integration
Manufacturer integrates SSL.com REST API into the production line.
Per-device DAC issued
Each device receives a unique DAC, signed by SSL.com's PAI under the CSA-authorized PAA root.
DAC stored in device
The DAC and private key are provisioned into the device's secure element.
Consumer setup
When added to a Matter controller, the device presents its DAC for attestation.
Attestation verified
Controller verifies DAC chain: device is authenticated and allowed to join.
Key benefits
Request Matter DAC access
Contact our IoT certificate team to discuss your device volumes, manufacturing-line integration, and pricing. Our team will confirm your eligibility as a Matter device manufacturer and set up REST API access for DAC issuance at production scale.
Compliance & standards
Matter (CSA)
Matter Device Attestation
FIPS 140-2
Frequently asked questions
One DAC per individual device unit: each must have its own unique certificate for Matter attestation.
Yes: SSL.com can issue a Matter PAI to your organization under its CSA-authorized PAA. Your DACs then come from your own named intermediate.
Via the SSL.com REST API. SSL.com provides integration documentation and support for manufacturing line integration.
A Matter DAC contains the device's unique identifier, the manufacturer's Product Identifier (PID), the Vendor Identifier (VID) matching the manufacturer's CSA registration, a unique serial number, validity period, and the digital signature of the PAI that issued it. This information allows any Matter controller to verify the device is genuine, identify the manufacturer, and confirm the device is CSA-certified.
Matter DACs are typically stored in a secure element or protected memory within the device during manufacturing. The Matter specification requires that the private key corresponding to the DAC be protected from extraction to prevent credential cloning. SSL.com provides guidance on secure DAC injection methods for different hardware platforms.
Generally, no. Matter DACs are provisioned during manufacturing and are intended to be permanent device credentials. If a DAC is compromised, the CSA has revocation mechanisms, but the standard expectation is that each device carries its original DAC for its operational lifetime, which is why manufacturing-line integrity for DAC injection is critical.
Once a PAI is in place, DAC issuance via the SSL.com SWS API is near-instantaneous per device. The API is designed to support the throughput required for high-volume manufacturing lines. PAI issuance requires CSA authorization confirmation and typically completes within 1–3 business days.
Yes. SSL.com's authorized CA status means that PAIs and DACs we issue are accepted by all CSA-certified Matter platforms globally, Apple HomeKit, Google Home, Amazon Alexa, Samsung SmartThings, and any other Matter-compliant controller or ecosystem.
