Manage issuer keys and certificates

Credentials must be signed with keys your organization controls. This page covers your key management options and the certificate chain of trust that lets verifiers recognize your credentials.

The signing certificate chain establishes trust: verifiers check that the credential was signed by a recognized issuer.

Key management options

| Option | Description | Use case |
| --- | --- | --- |
| MATTR managed KMS (SSM) | Software-based key storage managed by MATTR | Default for most deployments |
| MATTR managed KMS (HSM) | Hardware Security Module for key protection | High-assurance requirements |
| External KMS | Bring your own key management solution | Organizations with existing PKI |

Refer to the PKI spec sheet for detailed information on MATTR's key management capabilities.

Certificate chain of trust

For mDL issuance, your signing certificates must chain to an Issuing Authority Certificate Authority (IACA) root. This is the same root that verifiers check during presentation.

See the certificates overview and chain of trust concepts for detailed guidance.
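
The chaining requirement above can be checked offline with the OpenSSL CLI. This is an added example, not MATTR tooling or code from this documentation: it builds two throwaway roots standing in for IACAs, issues a signing certificate from one, and shows that the certificate validates only against the root that issued it. All names, keys and extension choices are constructed for illustration.

```bash
# Added example. Keys, names and certificates are constructed throwaway test
# data; iaca-a, iaca-b and signer-a are hypothetical names, not MATTR's.
EXT='[req]
distinguished_name = dn
[dn]
commonName = Common Name
[iaca_ext]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
[signer_ext]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature'

# make_iaca DIR NAME: self-signed P-256 root standing in for an IACA.
make_iaca() {
  printf '%s\n' "$EXT" > "$1/ext.cnf"
  openssl ecparam -name prime256v1 -genkey -noout -out "$1/$2.key"
  openssl req -x509 -new -key "$1/$2.key" -sha256 -days 30 -subj "/CN=$2" \
    -config "$1/ext.cnf" -extensions iaca_ext -out "$1/$2.pem"
}

# make_signer DIR ROOT NAME: signing certificate issued by ROOT.
make_signer() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$1/$3.key"
  openssl req -new -key "$1/$3.key" -subj "/CN=$3" -config "$1/ext.cnf" \
    -out "$1/$3.csr"
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -sha256 -days 30 -extfile "$1/ext.cnf" \
    -extensions signer_ext -out "$1/$3.pem" 2>/dev/null
}

# chains_to ROOT_PEM CERT_PEM: succeeds only if CERT validates to the trusted ROOT.
chains_to() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d)
  make_iaca "$d" iaca-a && make_iaca "$d" iaca-b
  make_signer "$d" iaca-a signer-a
  chains_to "$d/iaca-a.pem" "$d/signer-a.pem" && echo "signer-a -> iaca-a: trusted"
  chains_to "$d/iaca-b.pem" "$d/signer-a.pem" || echo "signer-a -> iaca-b: rejected"
  rm -rf "$d"
}
demo
```

The second check is the one that matters operationally: a verifier that trusts a different root rejects the credential's signing certificate even though the certificate itself is well formed.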

Next steps

Finally, learn how to manage credential lifecycle after issuance.
