Requesting PKI Certificates

CableLabs is the exclusive public key infrastructure (PKI) provider for the DOCSIS ecosystems. CableLabs manages the DOCSIS PKI and issues production certificates to ensure that DOCSIS devices and systems meet security, encryption and data integrity standards. ​

If you are ready to place an order, complete the DOCSIS Onboarding Checklist and submit it and the associated documentation to

Need test certs? Contact us.​

​If you are looking for more information, let’s walk through the following questions:​

Is this your first time ordering certificates (or has it been a while)?​
If this is your first time, you will need to complete a Digital Certificate Subscriber Agreement (DCSA), which details information about your organization that we’ll need to issue you certificates. Complete a DCSA.​

If it’s been a while since you’ve ordered and your company contacts have changed, you’ll need to submit those updates via the Contact change form

What type of certificate(s) do you need?
DOCSIS utilizes both server and client-side digital certificates that act as digital keys to ensure only clients and servers communicate with each and their communication is secure. Depending on the type of solution you are manufacturing, you may need to acquire DOCSIS CMTS certificates and/or DOCSIS client certificates to authenticate communication links.​

Have you completed your naming documents?​
If you are a new client and only ordering one certificate, then your DCSA will have the necessary information and you can move to the next question.​

If you are a returning customer, please fill in a Naming Document for each certificate you are ordering.​

Tip: Don’t forget to sign each naming document!​

Have you created your CSR file?​
You will need to complete a Certificate Signing Request (CSR) and include it as part of your request. Refer to Naming Document Subject DN section for more details. If you are a returning customer, please fill in a Naming Document for each certificate you are ordering​ and make sure it matches your CSR exactly, including LLC/Inc., periods, commas, etc. (For example: “MyCo, Inc.”).​

Need more details on creating a CSR file? See this handy reference.​

How much do certificates cost? How do you want to pay?​​
You can get the latest pricing and payment methods for certs by contacting

Ready to go?​​
Please complete the checklist and send the following in an email to​​

  1. The checklist with the details completed​
  2. New customers: Your DCSA ​
  3. Returning customers or new customers ordering more than one certificate include your naming documentsYour CSR​
  4. A purchase order (PO) if paying via bank transfer​
  5. Any additional information requested above (e.g. confirmation emails from OpenADR for product or name differences)​

What happens next?​
​Once you submit the documentation noted above, the CableLabs PKI Operations team will process your request and indicate when we will conduct the ceremony to generate your certificates.

  1. At least T – 10 days from ceremony:​Provide all documentation necessary for the ceremony (e.g. naming documents, purchase orders/payment, CSR, etc.​
  2. T – 9 days from ceremony:​PKI Ops performs initial review of documentation for validity. Any requests to update/correct for clarifications/errors will be sent back to you.​
  3. T – 5 days from ceremony:​Provide all corrected documentation if errors found. PKI Operations will perform a final review of the documentation. If any further errors are found, they will be noted along with the date of the next ceremony.​
  4. T – 4 days from ceremony:​CableLabs PKI Operations and Security Engineering teams complete necessary preparations for the ceremony.​
  5. T – 0 (Ceremony day)​The CableLabs teams perform the ceremony to generate the requested certificates.​

Once the ceremony is complete, the certificates will be posted and the PKI administrator will be notified.​

Do you have any questions? Contact: