Manage issuer keys and certificates
Credentials must be signed with keys your organization controls. This page covers your key management options and the certificate chain of trust that lets verifiers recognize your credentials.
The signing certificate chain establishes trust. Verifiers check that the credential was signed by a recognized issuer.
Key management options
| Option | Description | Use case |
|---|---|---|
| MATTR managed KMS (SSM) | Software-based key storage managed by MATTR | Default for most deployments |
| MATTR managed KMS (HSM) | Hardware Security Module for key protection | High-assurance requirements |
| External KMS | Bring your own key management solution | Organizations with existing PKI |
Refer to the PKI spec sheet for detailed information on MATTR's key management capabilities.
Certificate chain of trust
For mDL issuance, your signing certificates must chain to an Issuing Authority Certificate Authority (IACA) root. This is the same root that verifiers check during presentation.
See the certificates overview and chain of trust concepts for detailed guidance.
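The chain check described above, as an added example (not MATTR's code or tooling): it uses `openssl` to build a throwaway root standing in for an IACA root plus an unrelated root, issues a signing certificate under each, and shows that only the certificate issued under the trusted root verifies. All names, file paths and the simplified certificate profile are assumptions; the mDL certificate profile is not reproduced here.

```shell
# Constructed demo: every key, name and certificate here is generated locally.
# write_cnf FILE: minimal OpenSSL config with a CA profile and a signer profile.
write_cnf() {
  cat > "$1" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_signer]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
EOF
}

# make_root DIR NAME: self-signed EC P-256 root (stands in for an IACA root).
make_root() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$1/$2.key" &&
  openssl req -x509 -new -key "$1/$2.key" -sha256 -days 30 -config "$1/demo.cnf" \
    -extensions v3_ca -subj "/CN=$2" -out "$1/$2.pem" 2>/dev/null
}

# make_signer DIR NAME ROOT: signing certificate NAME issued by ROOT.
make_signer() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$1/$2.key" &&
  openssl req -new -key "$1/$2.key" -config "$1/demo.cnf" -subj "/CN=$2" \
    -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.pem" -CAkey "$1/$3.key" \
    -CAcreateserial -sha256 -days 30 -extfile "$1/demo.cnf" \
    -extensions v3_signer -out "$1/$2.pem" 2>/dev/null
}

# chains_to ROOT CERT: true only if CERT verifies against ROOT (no default CA dir).
chains_to() {
  openssl verify -no-CApath -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# build_demo DIR: a trusted root, an unrelated root, and one signer under each.
build_demo() {
  write_cnf "$1/demo.cnf" && make_root "$1" iaca-root && make_root "$1" other-root &&
  make_signer "$1" issuer-signer iaca-root && make_signer "$1" rogue-signer other-root
}

d=$(mktemp -d) && build_demo "$d"
chains_to "$d/iaca-root.pem" "$d/issuer-signer.pem" && echo "issuer-signer: chains to trusted root"
chains_to "$d/iaca-root.pem" "$d/rogue-signer.pem" || echo "rogue-signer: rejected"
```

The rogue signer is a well-formed certificate with a valid signature; it is rejected only because its issuer is not the root the verifier trusts.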
Next steps
Finally, learn how to manage credential lifecycle after issuance.