PLEASE NOTE:

After careful evaluation and consultation with Wireless Broadband Alliance (WBA), Kyrio has decided to end its delivery of WBA PKI certificates, effective June 30, 2023.  This decision was one that we weighed carefully and ultimately, we determined that we could not continue to provide the level of product and service that meets the needs of our customers and our own standards of delivery under the current market conditions. 

As valued customers, we want to best support your transition from the Kyrio system, and we plan the following items:   

  • All PKI certificates previously issued by Kyrio will remain valid until the certificate(s) expire or are revoked.
  • Kyrio will continue to support regular CRL issuance and OSCP responders as well as provide for revocation services as needed.
  • Certificates can continue to be purchased until June 30, 2023.
  • Any terms and conditions in the Digital Certificate Subscriber Agreement (DCSA) that survive termination will remain in effect.

The WBA can provide additional detail on the future support of PKI certificates in their ecosystem.

 

Kyrio has partnered with The Wireless Broadband Alliance (WBA) to ensure that the new WBA OpenRoaming™ service will be granted enterprise-level security. The WBA OpenRoaming Service, which removes the barriers to connectivity typically associated with public Wi-Fi, such as the need to constantly re-register or re-enter log-in credentials, will now greatly increase the level of security.

Kyrio joins Google and Cisco as an Issuing Intermediate Certificate Authority (ICA), providing innovative agent and registration authority services to the broader WBA family, including networks, operators, hubs and identity providers. We will also enable management and attribution of the WBA Unique Organization Identifiers that are critical for their partner identification on the OpenRoaming system. This information is centralized on a WBA global database to guarantee system harmony and enhanced security.

In order to get WBA WRIX End-Entity certificates, you must have a WBA Unique Organization Identifier (WBAID). To obtain a WBAID please contact WBA at contactus@wballiance.com

Get WBA WRIX PKI Certificates​

After obtaining a WBAID, the next step is to request WBA WRIX End-Entity Certificates.

  1. To begin, you or someone in your organization will need to complete the Digital Certificate Subscriber Agreement (DCSA).
    This document provides us with information about:

    • Contacts in your company
    • Information that will go into the digital certificate(s) requested
    • The DCSA needs to be signed by someone with signing authority for the organization (typically VP or above)
    • Once this document is completed and signed, please send the entire document to our Kyrio PKI Operations department at pkiops@kyrio.com.   DCSA documents with missing pages cannot be accepted.
  2. Kyrio PKI Operations will start the Registration Authority (RA) process of validating the information and contacts on the DCSA. This usually takes 3-5 business days.
    Important Note:  This process may be delayed if the organization contacts on the DCSA not responding to our validation email and/or phone calls in a timely manner.  To help expedite this process, please let those organizational contacts know that their information is on the DCSA and we will be in contact with them.
  3. While waiting for the RA process to complete, a Certificate Signing Request (CSR) will need to be created and sent to Kyrio PKI Operations at pkiops@kyrio.com.
    • There are instructions on how to create a CSR at the end of the WBA Operator’s End-Entity Deployment guidelines under Annex A. The information placed in the CSR must match the information in the DCSA certificate naming exhibit sent to the PKI Operations department.
      NOTE: Please only send the CSR file and not the PKI private key created during the CSR generation process.
  4. Once the Kyrio PKI Operations department has:
    • Received and validated the DCSA
    • Processed the payment
    • Received and validated the CSR

The requested certificate(s) will be issued, which can take 1-2 business days. Kyrio PKI Operations will email information to the Primary and Secondary Administrative contacts on the DCSA how to securely retrieve the newly issued certificate(s).

If you have any questions about the attached documentation or the process described above, please let us know at pkiops@kyrio.com. and we will get you a response as soon as possible.

 

We look forward to working with you and thank you for your business.