Qualified Products List Join the Ecosystem Buy a SAFE Certified Credential Get in Touch FAQ’s

SAFE Identity Crypto Libraries Products Testing

The SAFE Identity QPL Lab tests software that supports x.509 chain processing capabilities against world leading digital signature standards developed by high level PKI experts to verify the software's ability to perform certification path validation as specified in the X.509 standard and RFC 5280.

Vendors who choose to have their products tested for certification on the SAFE QPL, are taking the first step toward confirming that their product(s) uses digital identities in the way the holders, issuers and Relying Parties expect.

Master Services Agreement (MSA)

Initial engagements with the SAFE QPL Lab begin with execution of the MSA and the payment required for testing and certification fees. After the MSA has been executed and payments have been made, the product vendor may then proceed with submitting the product for certification.

How does the testing process work?

Step 1:

Initial Engagement and application form package submission.

Step 2:

Application form is vetted and approved for testing.

Step 3:

The product enters the testing que and awaits the next available time slot for testing. *This phase could have multiple cycles.

Step 4:

The Vendor Product gets published to the SAFE Qualified Products List (QPL).

Test Specifications

The PKI Infrastructure used in the QPL Lab includes all certification paths used in the test suite.

Testing Tracks and Test Specification Mapping

Testing Track Description Installation Activities

Test cases that cover the minimum security requirements for validating X.509 certificates. This Track makes up the majority of PKI test cases.


Test cases to ensure the SDK supports advanced features of PKI that reduce system administrative management burden and increase security for edge cases. Also ensures the software recognizes varying levels of identity risk to help an organization decide whether or not they trust a digital signature.

After the application has been approved, the SAFE QPL Lab will contact the product vendor to schedule an installation date.
Once scheduled, the Lab will provide a virtual environment for host servers and clients.

Installation is considered complete once the QPL Lab is able to perform basic operations using the vendor’s software. Depending on the testing queue, installation may precede testing by several weeks.

If QPL Lab personnel have problems or anomalies that seem indicative of operator error rather than a system error, they will reach out to the vendor’s Technical Point of Contact for support. If configuration changes are needed, the QPL Lab will schedule a meeting where screens are shared so that the vendor can guide Lab personnel on what updates are needed.

Please Note: The product vendor may not update software post-installation or during testing.

Apply Now to have your product on the Qualified Products List

Fill the QPL Path Building and Validation application form and send it over to


Rely on the SAFE Trust Framework

The integrity of digital credentials varies widely from one provider to the next. Figuring out who to trust, why to trust them and how their security aligns with your needs can be a challenge. This makes trust hard.

The SAFE Identity Trust Framework, carefully cultivated over 15 years, can make trust much easier. The Trust Framework defines the policies and standards necessary to use secure and interoperable digital credentials that meet your needs. Issuers certified by SAFE are compliant with these policies and standards, ensuring this same security and interoperability across the ecosystem – and making trust a lot simpler for you.

Are you ready to consider your next steps ?

Rely on SAFE

Get in touch with
DirectTrust Identity


1629 K Street Northwest #300
Washington, DC 20006