Kyrio is the exclusive public key infrastructure (PKI) provider for the Wi-Fi Alliance (WFA) and its members. Kyrio manages the WFA PKI and issues test and production certificates to ensure that WFA devices and systems meet security, encryption, and data integrity standards.   

If you are ready to place an order, submit the associated documentation to pkiops@kyrio.com: 

  • Your Online Sign-up (OSU) DCSA or Test Bundle DCSA (if you are a new customer) and/or your Naming documents (if returning customer or you are new and ordering more than one certificate).   
  • Your CSR file.   
  • A purchase PO if paying via bank transfer and who to email for payment if paying with a Credit Card   

If you are looking for more information, let’s walk through the following questions:

What type of certificate(s) do you need? 

There are two types of certificates offered for WFA: 

  • Online SignUp (OSU) Server: used to complete registration and credential provisioning for mobile devices.
  • Test Bundles: used to test and validate the set-up of WFA authentication including certification of systems by an authorized test lab (ATL).​​

Are you an Authorized Test Lab?   

If you are an authorized Test Lab – please confirm here https://www.wi-fi.org/certification/authorized-test-laboratories that your company name is listed as pricing for Test Bundles are discounted for ATLs  

Is this your first time ordering certificates or are you getting additional certs or replacing an expiring cert?  

If this is your first time, you will need to complete a Digital Certificate Subscriber Agreement (Online Sign-up (OSU) DCSA or Test Bundle DCSA), which details information about your organization that we’ll need to issue you certificates.   

If you are getting additional certificates or requesting a replacement for an expiring certificate, you simply need to complete the appropriate naming document.  Also, if replacing an expiring certificate, please indicate the expiration date of your current certificate so we can align the dates accordingly. 

If it’s been a while since you’ve ordered and your company contacts have changed, you’ll need to submit those updates via the Contact change form. 

Have you created your CSR file?​ 

You will need to complete a Certificate Signing Request (CSR) and include it as part of your request. Refer to Naming Document Subject DN section and make sure it matches your CSR exactly, including LLC/Inc., periods, commas, etc.  (For example: “MyCo, Inc.”).    

Need more details on creating a CSR file? See this handy reference.​ 

How much do certificates cost?  How do you want to pay?  

You can get the latest pricing for certs by contacting pkiops@kyrio.com. 

Payment can be completed via a bank transfer or via a credit card.  If choosing a bank transfer, please include a purchase order (PO) with your request.  For credit cards, Kyrio will send you the total amount to remit through our third-party payment portal (PayPal).  Please note there is a service charge associated with paying by credit card. Make sure to let us know if you are an ATL as there is a discount for the WFA Test Bundle for ATLs.   

Full payments are required prior to services/certificates being completed.

Ready to go?

Please send the following in an email to pkiops@kyrio.com.   

  • Your DCSA (if you are a new customer) and/or your Naming documents (if returning customer or you are new and ordering more than one certificate).   
  • Your CSR file.   
  • A purchase PO if paying via bank transfer and who to email for payment if paying with a Credit Card   

What happens next?

Once you submit the documentation noted above, the Kyrio PKI Operations team will process your request and indicate when we will conduct the ceremony to generate your certificates.     

Kyrio conducts PKI ceremonies one or two times a month based on demand.  Due to the preparation required for these ceremonies, we utilize the following schedule leading up to the ceremony:   

At least T – 10 days from ceremony  

  • Provide all documentation necessary for the ceremony (e.g. naming documents, purchase orders/payment, CSR, etc.   

T – 9 days from ceremony 

  • PKI Ops performs initial review of documentation for validity.  Any requests to update/correct for clarifications/errors will be sent back to you.   

T – 5 days from ceremony

  • Provide all corrected documentation if errors found. PKI Operations will perform a final review of the documentation.  If any further errors are found, they will be noted along with the date of the next ceremony.   

T - 4 days from ceremony

  • Kyrio PKI Operations and Security Engineering teams complete necessary preparations for the ceremony.    

T – 0 (Ceremony day)   

  • The Kyrio teams perform the ceremony to generate the requested certificates.    

Once the ceremony is complete, the certificates will be posted to the Kyrio Certs Portal and the PKI administrator will be notified.   

We value your feedback and want to ensure we’ve delivered the best possible service. A link to a brief survey (less than 3 minutes) will be sent to you shortly after the ceremony and we would greatly appreciate your response.    

Do you have any questions?

Contact pkiops@kyrio.com with any questions you might have.