PLEASE NOTE:
After careful evaluation and consultation with Wi-Fi Alliance (WFA), Kyrio has decided to end its delivery of WFA PKI certificates, effective June 30, 2023. This decision was one that we weighed carefully and ultimately, we determined that we could not continue to provide the level of product and service that meets the needs of our customers and our own standards of delivery under the current market conditions.

As valued customers, we want to best support your transition from the Kyrio system, and we plan the following items:

  • All PKI certificates previously issued by Kyrio will remain valid until the certificate(s) expire or are revoked.
  • Kyrio will continue to support regular CRL issuance and OSCP responders as well as provide for revocation services as needed.
  • Certificates can continue to be purchased until June 30, 2023.
  • Any terms and conditions in the Digital Certificate Subscriber Agreement (DCSA) that survive termination will remain in effect.

The WFA can provide additional detail on the future support of PKI certificates in their ecosystem.

 

 

Kyrio is the exclusive public key infrastructure (PKI) provider for the Wi-Fi Alliance (WFA) and its members. Kyrio manages the WFA PKI and issues test and production certificates to ensure that WFA devices and systems meet security, encryption, and data integrity standards.   

If you are ready to place an order, submit the associated documentation to pkiops@kyrio.com: 

  • Your Digital Certificate Subscriber Agreement (DCSA) (if you are a new customer) and/or your Naming documents (if returning customer or you are new and ordering more than one certificate).   
  • Your CSR file.   
  • A purchase PO if paying via bank transfer and who to email for payment if paying with a Credit Card   

If you are looking for more information, let’s walk through the following questions:

What type of certificate(s) do you need? 

There are two types of certificates offered for WFA: 

  • Online SignUp (OSU) Server: used to complete registration and credential provisioning for mobile devices.
  • Test Bundles: used to test and validate the set-up of WFA authentication including certification of systems by an authorized test lab (ATL).​​

Are you an Authorized Test Lab?   

If you are an authorized Test Lab – please confirm here https://www.wi-fi.org/certification/authorized-test-laboratories that your company name is listed as pricing for Test Bundles are discounted for ATLs  

Is this your first time ordering certificates or are you getting additional certs or replacing an expiring cert?  

If this is your first time, you will need to complete a Digital Certificate Subscriber Agreement (DCSA), which details information about your organization that we’ll need to issue you certificates.   

If you are getting additional certificates or requesting a replacement for an expiring certificate, you simply need to complete the appropriate naming document.  Also, if replacing an expiring certificate, please indicate the expiration date of your current certificate so we can align the dates accordingly. 

If it’s been a while since you’ve ordered and your company contacts have changed, you’ll need to submit those updates via the Contact change form. 

Have you created your CSR file?​ 

You will need to complete a Certificate Signing Request (CSR) and include it as part of your request. Refer to Naming Document Subject DN section and make sure it matches your CSR exactly, including LLC/Inc., periods, commas, etc.  (For example: “MyCo, Inc.”).    

Need more details on creating a CSR file? See this handy reference.​ 

How much do certificates cost?  How do you want to pay?  

  • OSU Server Certs: $750 each (2 year expiration)
  • Test Bundles: $2,500 each (2 year expiration).  10% discount for ATLs ($2,250 each).

Payment can be completed via a bank transfer or via a credit card.  If choosing a bank transfer, please include a purchase order (PO) with your request.  For credit cards, Kyrio will send you the total amount to remit through our third-party payment portal (PayPal).  Please note there is a service charge associated with paying by credit card. Make sure to let us know if you are an ATL as there is a discount for the WFA Test Bundle for ATLs.   

Full payments are required prior to services/certificates being completed.

Where do I get the intermediate and root certificates?​ 

The root and intermediate certificates for WFA can be found on the PKI resources page. Please note, the intermediate certificate needed depends on which CA issued the certificate and the PKI resources page will provide more information.

Ready to go?

Please send the following in an email to pkiops@kyrio.com.   

  • Your DCSA (if you are a new customer) and/or your Naming documents (if returning customer or you are new and ordering more than one certificate).   
  • Your CSR file.   
  • A purchase PO if paying via bank transfer and who to email for payment if paying with a Credit Card   

What happens next?

Once you submit the documentation noted above, the Kyrio PKI Operations team will process your request.  Once payment has been received, certificates are usually available within 2 business days and posted to our secure delivery portal.  You will receive instructions on how to retrieve the certificates at that time.   

Do you have any questions?

Contact pkiops@kyrio.com with any questions you might have.