My goal is to deploy an eSIM system for a private network, which requires these three components:
eUICC with certificate from private PKI/CA
eSIM profile with certificate from the same private PKI/CA
SM-DP+ and SM-SR software implementation
My issue is with the first component: how can I obtain or create an eUICC with a certificate from a private PKI/CA?
Is it possible to overwrite the certificate on a programmable SIM such as the sysmoEUICC1-C2T or any other similar cards?
Alternatively, do I need to purchase a blank MFF2 chip and provision the certificates manually? Is this really possible? If so, is there any open source tool developed by Osmocom that could assist with this task?
Or this certs are introduced by the chip manufacturer?
this would be the sysmoEUICC1-C2P (P == private CA) product. It’s a product sold only in a project-type business, made-to-order.
It is not an operation that you as the user can perform. sysmocom as the EUM (eUICC manufacturer) can produce eUICCs that contain CERT.EUICC which are derived from a CERT.EUM derived from your private CA. You can either set up that CA yourself (keeping in mind the very special requirements of SGP.21) or you can ask sysmocom to provide you with that CA (software only or using a HSM).
Only the eUICC manufacturer (EUM) can do that.
Its’ not he chip manufacturer (like Samsung, NXP, Infineon) and also not the eUICC OS provider, but the eUICC manufacturer who personalizes the eUICC that can do this.