Signing Ceremony for X9 Financial PKI Takes Place; Enables Generation of First PKI Products Tailored to the Financial Industry

 The Accredited Standards Committee X9 Inc. (X9) today announced that, after seven years of planning, the signing ceremony for the X9 Financial PKI (Public Key Infrastructure) production root CA (Certificate Authority) certificate took place on Friday, June 13. The ceremony kicks off the X9 Financial PKI lifecycle by creating its cryptographic trust foundation, allowing the first PKI products tailored to the financial services industry to be generated and marketed by DigiCert under the governance of X9. These first products will be available for purchase starting June 19, 2025.

A signing ceremony is a highly controlled formal event in which the cryptographic keys underpinning a PKI root certificate are generated, reviewed and activated. It brings together security officers, technical operators and governance representatives to execute each step of key creation in a transparent and auditable manner.

The formal ceremony ensures that the root key pair — the ultimate trust anchor for all subsequent PKI certificates — has been generated and stored according to the strictest security standards. Adherence to industry standards (such as WebTrust for Certificate Authorities and the NIST Federal Information Processing Standards) and ASC X9 governance rules is validated through documented procedures, sign-off checklists and third-party observation.

With the root CA certificate in place, subordinate issuing CAs can generate and sign end-entity certificates (e.g., server SSL/TLS certificates and code-signing certificates) that chain back to the root. The root certificate and associated trust chain are thus embedded into X9 Financial PKI product offerings, tooling and documentation for X9 Financial PKI customers, who can obtain these products from DigiCert.

X9 Financial PKI availability comes at an opportune time, as soon the Chrome browser will no longer allow certificate chains that anchor in the public TLS root store for client authentication. While this change can disrupt existing workflows, it creates an opportunity for X9 Financial PKI. One of the inaugural X9 Financial PKI solutions is designed specifically to bridge this gap, ensuring seamless, secure client authentication in Chrome browsers even after public-root chaining is not permitted.

“Multi-person controls and custody of key components, pre-defined scripts and real-time video/audit logs guarantee that no single individual can compromise the root key. This instills confidence in X9 Financial PKI on the part of both financial institution regulators and end users,” said X9 Executive Director Steve Stevens. “Along with emphasizing the technical rigor of the signing ceremony and its critical role in delivering secure, auditable PKI solutions to the financial industry, we offer special thanks to everyone who helped make this idea a reality.”

“By conducting a formal signing ceremony under ASC X9 oversight, DigiCert reinforces its commitment to the highest standards of security and regulatory compliance. This transparent, hands-on approach not only safeguards sensitive financial transactions but also provides end customers, such as banks, payment networks and fintech innovators, with verifiable assurance that their digital identities rest on an uncompromised root of trust,” said Dean Coclin, senior director of digital trust at DigiCert.

About the Accredited Standards Committee X9 Inc.

The Accredited Standards Committee X9 Inc. is a non-profit organization accredited by the American National Standards Institute (ANSI) to develop and maintain national and – through ISO — international standards for the financial services industry. The subjects of X9’s standards include: retail, mobile and business payments; corporate treasury functions; block chain technology; processing of electronic legal orders issued to financial institutions; tracking of financial transactions and instruments; financial transaction messaging (ISO 8583 and 20022); quantum computing; AI, X9 Financial PKI; checks; cloud; data breach notification and more.

X9 acts as the U.S. Technical Advisory Group (TAG) for ISO TC68 (Financial) and performs the secretariat functions for ISO TC68. Please visit our website (www.x9.org) for more information.