The Accredited Standards Committee X9 Inc. (X9) announced the successful signing ceremony for its X9 Financial PKI (Public Key Infrastructure) production root CA (Certificate Authority) certificate on June 13. This event initiates the lifecycle for new PKI products tailored for the financial services industry, which will be available from DigiCert starting June 19, 2025.
The signing ceremony, a highly controlled and formal event, involved the generation, review, and activation of the cryptographic keys underpinning the PKI root certificate. This transparent and auditable process brought together security officers, technical operators, and governance representatives to execute each step of key creation. This formal ceremony ensures that the root key pair, which serves as the ultimate trust anchor for all subsequent PKI certificates, has been generated and stored in accordance with stringent security standards. Adherence to industry benchmarks such as WebTrust for Certificate Authorities and the NIST Federal Information Processing Standards, along with ASC X9 governance rules, was validated through documented procedures, sign-off checklists, and third-party observation.
With the root CA certificate now established, subordinate issuing CAs can proceed to generate and sign end-entity certificates, including server SSL/TLS certificates and code-signing certificates, all of which will chain back to this newly created root. The root certificate and its associated trust chain will be embedded into X9 Financial PKI product offerings, tooling, and documentation for customers, who will be able to obtain these specialized products directly from DigiCert.
The availability of X9 Financial PKI is particularly timely given an upcoming change where the Chrome browser will no longer permit certificate chains that anchor in the public TLS root store for client authentication. This shift, while potentially disruptive to existing workflows, creates a critical need that X9 Financial PKI is designed to address. One of its inaugural solutions is specifically developed to bridge this gap, ensuring seamless and secure client authentication in Chrome browsers even after public-root chaining is disallowed.
Steve Stevens, X9 Executive Director, emphasized the rigorous security protocols. “Multi-person controls and custody of key components, pre-defined scripts and real-time video/audit logs guarantee that no single individual can compromise the root key. This instills confidence in X9 Financial PKI on the part of both financial institution regulators and end users,” Stevens stated, adding, “Along with emphasizing the technical rigor of the signing ceremony and its critical role in delivering secure, auditable PKI solutions to the financial industry, we offer special thanks to everyone who helped make this idea a reality.”
Dean Coclin, Senior Director of Digital Trust at DigiCert, commented on the significance for customers. “By conducting a formal signing ceremony under ASC X9 oversight, DigiCert reinforces its commitment to the highest standards of security and regulatory compliance. This transparent, hands-on approach not only safeguards sensitive financial transactions but also provides end customers, such as banks, payment networks and fintech innovators, with verifiable assurance that their digital identities rest on an uncompromised root of trust.”
The Accredited Standards Committee X9 Inc. is a non-profit organization accredited by the American National Standards Institute (ANSI) to develop and maintain national and international standards for the financial services industry. X9’s standards cover a wide range of topics, including payments, corporate treasury, blockchain, financial transaction messaging, quantum computing, AI, and data breach notification. X9 also functions as the U.S. Technical Advisory Group (TAG) for ISO TC68 (Financial) and performs its secretariat functions.