PLEASE NOTE:

After careful evaluation and consultation with OpenADR, Kyrio has decided to end its delivery of OpenADR PKI certificates, effective June 30, 2023.  This decision was one that we weighed carefully and ultimately, we determined that we could not continue to provide the level of product and service that meets the needs of our customers and our own standards of delivery under the current market conditions.

As valued customers, we want to best support your transition from the Kyrio system, and we plan the following items:

  • All PKI certificates previously issued by Kyrio will remain valid until the certificate(s) expire or are revoked after June 30, 2023.
  • Kyrio will continue to support regular CRL issuance and OSCP responders as well as provide for revocation services as needed.
  • Certificates can continue to be purchased until June 30, 2023.
  • Any terms and conditions in the Digital Certificate Subscriber Agreement (DCSA) that survive termination will remain in effect.

Alternative providers for the OpenADR PKI can be found at https://www.openadr.org/cybersecurity.

 

Kyrio is the exclusive public key infrastructure (PKI) provider for OpenADR and its members. Kyrio manages the OpenADR PKI and issues production certificates to ensure that OpenADR devices and systems meet security, encryption and data integrity standards. 

If you are ready to place an order, complete the OpenADR Onboarding Checklist and submit it and the associated documentation to pkiops@kyrio.com

Need test certs? Click here.​

If you are looking for more information, let’s walk through the following questions:

Is this your first time ordering certificates (or has it been a while)?

If this is your first time, you will need to complete a Digital Certificate Subscriber Agreement (DCSA), which details information about your organization that we’ll need to issue you certificates. Complete a DCSA.

If it’s been a while since you’ve ordered and your company contacts have changed, you’ll need to submit those updates via the Contact change form

What type of certificate(s) do you need? 

OpenADR utilizes both server and client-side digital certificates that act as digital keys to ensure only clients and servers communicate with each and their communication is secure.  Depending on the type of solution you are manufacturing, you may need to acquire OpenADR Server certificates (VTN) and/or OpenADR Client certificates (VEN) to authenticate communication links.

The VTN certificates are offered with the option of either RSA and ECC encryption methodology. The VEN certificates are offered using just the RSA methodology.

  • RSA: Is one of the earliest public key cryptosystems around, and it’s currently the backbone most SSL certificates operate on. Named after its creators (Ron RivestAdi Shamir, and Leonard Adleman), RSA is to this day a solid, secure encryption scheme used across the world by websites.
  • ECC: ECC certificates, based on elliptic curve cryptography, are a more recent addition and have been in use for around 15 years. They typically require a smaller key size to provide the same level of security — meaning that ECC is more efficient.

Which to choose?  Because of its legacy, RSA certificates are more widely supported across a number of platforms and offers a strong and still unbroken security. ECC certificates are more efficient and may give you better security against future threats.  Either way, Kyrio can support your needs.

Are you a member of OpenADR and is your product certified?

To receive certificates, your organization must be an OpenADR member and your product(s) certified under OpenADR’s certification program.

You can confirm your membership by going to https://www.openadr.org/members and find your organization’s logo. If your logo is under a different name than what you are requesting with, you will need to indicate that on your request.

If you are part of a roll out with a different company or you do not see your logo on the members page, please reach out to Rolf Bienert with OpenADR at rolf@openadr.org to confirm we are allowed to issue the certificates to your company. Please attach emails of this confirmation with your submission.

You can confirm your product certification by going to https://products.openadr.org/. The URL to the product will need to be included in your request.

Have you completed your naming documents?

If you are a new client and only ordering one certificate, then your DCSA will have the necessary information and you can move to the next question.

If you are a returning customer, please fill in a Naming Document (VTN ECC Naming Doc, VTN RSA Naming Doc, VEN RSA Naming Doc) for each certificate you are ordering.

Tip: Don’t forget to sign each naming document!

Have you created your CSR file?

You will need to complete a Certificate Signing Request (CSR) and include it as part of your request. Refer to Naming Document Subject DN section for more details. If you are a returning customer, please fill in a Naming Document (VTN ECC Naming Doc, VTN RSA Naming Doc, VEN RSA Naming Doc) for each certificate you are orderingand make sure it matches your CSR exactly, including LLC/Inc., periods, commas, etc. (For example: “MyCo, Inc.”).

Need more details on creating a CSR file? See this handy reference.

How much do certificates cost?  How do you want to pay?​​

You can get the latest pricing and payment methods for VEN and VTN certs by contacting pkiops@kyrio.com.

Ready to go? ​​

Please complete the checklist and send the following in an email to pkiops@kyrio.com:​​

  • The checklist with the details completed
  • New customers: Your DCSA 
  • Returning customers or new customers ordering more than one certificate: naming documents (VTN ECC Naming Doc, VTN RSA Naming Doc, VEN RSA Naming Doc)
  • Your CSR
  • A purchase order (PO) if paying via bank transfer
  • Any additional information requested above (e.g. confirmation emails from OpenADR for product or name differences)

What happens next?

Once you submit the documentation noted above, the Kyrio PKI Operations team will process your request and indicate when we will conduct the ceremony to generate your certificates. 

Due to current COVID restrictions, Kyrio conducts PKI ceremonies once a month on the 2nd Wednesday of each month.  Due to the preparation required for these ceremonies, we utilize the following schedule leading up to the ceremony:​​

  • At least T – 10 days from ceremony:
  • Provide all documentation necessary for the ceremony (e.g. naming documents, purchase orders/payment, CSR, etc.
  • T – 9 days from ceremony:
  • PKI Ops performs initial review of documentation for validity.  Any requests to update/correct for clarifications/errors will be sent back to you.
  • T – 5 days from ceremony:
  • Provide all corrected documentation if errors found. PKI Operations will perform a final review of the documentation.  If any further errors are found, they will be noted along with the date of the next ceremony.
  • T – 4 days from ceremony:
  • Kyrio PKI Operations and Security Engineering teams complete necessary preperations for the ceremony.
  • T – 0 (Ceremony day)
  • The Kyrio teams perform the ceremony to generate the requested certificates.
  • Once the ceremony is complete, the certificates will be posted to the Kyrio Certs Portal and the PKI administrator will be notified.

We value your feedback and want to ensure we’ve delivered the best possible service. A link to a brief survey (less than 3 minutes) will be sent to you shortly after the ceremony and we would greatly appreciate your response.

Do you have any questions?

Please contact: pkiops@kyrio.com