All Products
Document Center

Certificate Management Service:FAQ about private certificates

Last Updated:Apr 25, 2024

This topic provides answers to some frequently asked questions about private certificates.

What type of certificate does Matter use?

Matter is a new smart home standard that is managed by the Connectivity Standards Alliance (CSA). Matter ensures seamless and secure cross-vendor connectivity for smart home devices, such as light switches, door locks, and media devices. All apps and hardware devices that support Matter can be easily and seamlessly connected for coordination. Smart home devices can connect to the smart home network of Matter only after Matter performs authentication and authenticity checks on the smart home devices. Then, the devices can communicate with other Matter-compliant devices. This helps ensure security and interoperability. The smart home network of Matter is also called the fabric network.

Matter implements device authentication based on public key infrastructure (PKI). Matter uses X.509 certificates to identify devices and ensure secure communication between devices. Matter uses the following types of certificates:

  • Device Attestation Certificates (DACs). A DAC is provided by a device manufacturer to uniquely identify the device vendor and product type. If a Matter device uses a DAC, you can use the certificate chain of the DAC to check whether the device is provided by the vendor that is indicated on the device package.

    DACs are issued by certificate authorities (CAs) or Product Attestation Authorities (PAAs). If developers want to launch devices that are authenticated by Matter, the developers must obtain a DAC for each device. Alibaba Cloud Certificate Management Service provides PCA that can help you build a PKI certificate system to meet the requirements of Matter.

  • A Node Operational Certificate (NOC) is issued by a Matter administrator during commissioning. A NOC is used to authenticate the identity of other devices and ensure the privacy and integrity of data communication in Matter.

How do I install the chain of trust for a private certificate in Google Chrome?

The following example describes how to import an Alibaba Cloud private root certificate.

  1. Perform the following steps. Copy the content of the root certificate, save the root certificate to your computer, and name the root certificate as root.crt.

    1. Log on to the Certificate Management Service console.

    2. In the left-side navigation pane, click Private Certificates.

    3. On the Private CAs tab, find the root certificate that you want to import and click image > Details in the Actions column.

    4. In the Details panel, copy the content of the root certificate, save the root certificate to your computer, and name the root certificate as root.crt.

  2. Install the root CA certificate in your browser. The location to install a certificate varies based on the browser. In the following example, Google Chrome is used.

    1. Open Google Chrome. On the right side of the top navigation bar, click image > Settings.

    2. On the Settings page, click Privacy and Security and select Security.

    3. In the Advanced section of the Security page, click Manage certificates.


    4. On the Trusted Root Certificate Authority tab, click Import and import the root certificate root.crt as prompted.