CBRS Certificates for WInnForum 


After careful evaluation and consultation with WInnForum CBRS, Kyrio has decided to end its delivery of WInnForum PKI certificates. This decision was one that we weighed carefully and ultimately, we determined that we could not continue to provide the level of product and service that meets the needs of our customers and our own standards of delivery under the current market conditions.

As valued customers, we want to best support your transition from the Kyrio system, and we plan the following items:

  • All PKI certificates previously issued by Kyrio will remain valid until the certificate(s) expire or are revoked.
  • Kyrio will continue to support regular CRL issuance and OSCP responders as well as provide for revocation services as needed.
  • Certificates can continue to be purchased until June 30, 2023.
  • Any existing certificate balances in your account will be available for issuance until December 31, 2023. At that time, your accounts will be deactivated and no further certificates will be issued. Any existing balances will be voided.
  • Any terms and conditions in the Digital Certificate Subscriber Agreement (DCSA) that survive termination will remain in effect.

Alternative providers for the WInnForum CBRS PKI can be found at https://cbrs.wirelessinnovation.org/cbrs-root-ca-operators.



Kyrio is a WebTrust-certified registration and certificate authority for WInnForum CBRS. We provide eligible CBRS member companies with certificate-authenticated access to a secure portal to deliver CBRS certificates.

Kyrio is your Registration and Certificate Authority for WInnForum CBRS

Kyrio securely authenticates all requesters of CBRS certificates and takes our role in helping preserve the integrity of the CBRS ecosystem very seriously. We provide certificates to all CBRS participants, including Spectrum Allocation Server (SAS), Citizens Band Service Device (CBSD), domain proxy, certified professional installers and priority access license (PAL) holders.

Enabling strong mutual authentication between servers, base stations, installers and other systems, certificates are required for all participants in the CBRS ecosystem. Certificates ensure that access to the CBRS network is strictly controlled and limited to entities that can cryptographically verify their identities and access privileges.

Why Kyrio?

As a subsidiary of CableLabs, Kyrio leverages CableLabs’ rich history in providing high-quality security for DOCSIS® networked devices for 17 years, which constitutes one of the largest multi-vendor network ecosystems in the world, representing more than $100 billion in annual ecosystem revenue. In addition, Kyrio has unique insights into hardware and systems manufacturing processes to help our customers integrate security more seamlessly into their manufacturing process flows.

We’re happy to speak with all our customers to discuss their CBRS needs and determine how we can help simplify their product deployment into the market.

How to Get CBRS Certificates

  1. Determine the type of CBRS cert you need (e.g, CBSD, domain proxy, etc.) and the expected quantity.
  2. Complete the Digital Certificate Subscriber Agreement (DCSA) including the necessary exhibits that correspond to the certificates needed.  This document provides us with information about:
    • Your organization and its contacts
    • FCC Registrations associated with your organization (e.g. FRN for Domain Proxy; FCC ID for CBSDs)
    • Information that will go into the digital certificate(s) requested
    • The DCSA needs to be signed by someone with signing authority for the organization (typically VP or above)
    • Once this document is completed and signed, please send the entire document along with the initial quantity of certificates needed to our Kyrio PKI Operations department at pkiops@kyrio.com.   DCSA documents with missing pages cannot be accepted.
  3. Kyrio PKI Operations will start the Registration Authority (RA) process of validating the information and contacts on the DCSA. This usually takes 3-5 business days.
    Important Note:  This process may be delayed if the organization contacts on the DCSA not responding to our validation email and/or phone calls in a timely manner.  To help expedite this process, please let those organizational contacts know that their information is on the DCSA and we will be in contact with them.
  4. Kyrio PKI Operations will also provide you an invoice for payment.  Current pricing is available from pkiops@kyrio.com.  Payment needs to be completed prior to access to the certificates.
  5. Once the RA tasks and payment are complete, Kyrio PKI Operations will set-up your certificate requesting account (CRA) on our self-service partner portal.  From there you will be able to issue certificates as needed.  The Primary and Secondary Administrative contacts on the DCSA are the only users with access to the CRA.  Instructions on the portal will be provided separately.

If you have any questions about the attached documentation or the process described above, please let us know at pkiops@kyrio.com. and we will get you a response as soon as possible.

PKI Frequently Asked Questions

Understanding CBRS Public Key Infrastructure




Kyrio Root Certificates

If you are having trouble downloading these root certs or would like to speak to us about your security needs, please contact us.