As mentioned in the main README, communication between the eUICC and the SM-DP+ or SM-DS uses HTTPS, as mandated by the relevant standards. The GSMA root certificates were created specifically for TLS certificate verification of this communication. They are stored in the certs/ directory, together with the root certificates of specific SM-DP+s that use their own chain of trust (having set it up before GSMA created the standard root CI). Hermes uses only these root certificates for HTTPS communication between remote SIM provisioning entities.

The certificates currently used by Hermes are:

- prod/gsma-ci: GSMA root certificate, which is used as the primary root certificate for communication with non-test SM-DP+ and SM-DS entities.
- prod/gd-smdp: The root certificate used for communication with non-test G+D SM-DP+ servers (which predates the creation of GSMA's root certificates).
- test/gsma-ci: The primary root certificate for communication with test SM-DP+ and SM-DS entities.
- test/gd-smdp: The root certificate used for communication with test G+D SM-DP+ servers (which predates the creation of GSMA's root certificates).
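
The following is an added illustration, not code from Hermes: a Python TLS client context that trusts only the roots of one environment and never the system CA store, so a publicly trusted web CA cannot vouch for an SM-DP+ or SM-DS. The `certs/<env>/` layout holding PEM or DER files, and all function names, are assumptions.

```python
import ssl
from pathlib import Path

ENVIRONMENTS = ("prod", "test")  # the two trees listed in this README


def root_files(certs_dir, env):
    """Return every certificate file under certs/<env>/ (layout is assumed)."""
    if env not in ENVIRONMENTS:
        raise ValueError(f"unknown environment: {env!r}")
    files = sorted(p for p in (Path(certs_dir) / env).rglob("*") if p.is_file())
    if not files:
        # Fail closed: an empty store must never fall back to system CAs.
        raise FileNotFoundError(f"no root certificates under {certs_dir}/{env}")
    return files


def pinned_context(certs_dir, env):
    """TLS client context that trusts only the roots for one environment."""
    # PROTOCOL_TLS_CLIENT enables hostname checking and CERT_REQUIRED and,
    # unlike ssl.create_default_context(), loads no system trust store.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    for path in root_files(certs_dir, env):
        data = path.read_bytes()
        if data.lstrip().startswith(b"-----BEGIN"):
            ctx.load_verify_locations(cadata=data.decode("ascii"))  # PEM
        else:
            ctx.load_verify_locations(cadata=data)  # DER
    return ctx


def describe(ctx):
    """Summarise the properties that matter when reviewing the trust store."""
    return {
        "trusted_roots": ctx.cert_store_stats()["x509_ca"],
        "verifies_peer": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
    }
```

Keeping prod and test roots in separate contexts means a certificate chaining to a test CI is rejected when talking to production servers, and the reverse.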