From 2363012f9fa5e9115ed4b8c569a9d686515abbe2 Mon Sep 17 00:00:00 2001
From: Evgeny Margolis <emargolis@google.com>
Date: Fri, 28 Jul 2023 06:19:23 -1000
Subject: [PATCH] Implemented ExtractCDPExtensionCRLIssuerFromX509Cert() Helper
 Function (#28345)

* Implemented ExtractCDPExtensionCRLIssuerFromX509Cert() Helper Function

  - Extracts the cRLIssuer Name from the CDP extension pf the X509 ASN.1 Encoded Certificate
  - Only a single cRLIssuer DirectoryName is supported
  - The result is copied into buffer in a raw ASN.1 X.509 format
  - The result should be directly comparable with teh result of ExtractSubjectFromX509Cert()
  - Added OpenSSL, mbedTLS, TinyCrypt, and other implementations
  - Added CRLIssuer support to the CDP extension in the chip-cert tool
  - Generated new test vectors

* Restyled by clang-format

---------

Co-authored-by: Restyled.io <commits@restyled.io>
---
 ...hip-Test-DAC-FFF1-8000-0000-2CDPs-Cert.der | Bin 596 -> 600 bytes
 ...hip-Test-DAC-FFF1-8000-0000-2CDPs-Cert.pem |  18 +-
 ...1-8000-0000-2CDPs-Issuer-PAA-FFF1-Cert.der | Bin 0 -> 667 bytes
 ...1-8000-0000-2CDPs-Issuer-PAA-FFF1-Cert.pem |  16 +
 ...F1-8000-0000-2CDPs-Issuer-PAA-FFF1-Key.der | Bin 0 -> 121 bytes
 ...F1-8000-0000-2CDPs-Issuer-PAA-FFF1-Key.pem |   5 +
 ...0-0000-2CDPs-Issuer-PAI-FFF2-8004-Cert.der | Bin 0 -> 719 bytes
 ...0-0000-2CDPs-Issuer-PAI-FFF2-8004-Cert.pem |  17 +
 ...00-0000-2CDPs-Issuer-PAI-FFF2-8004-Key.der | Bin 0 -> 121 bytes
 ...00-0000-2CDPs-Issuer-PAI-FFF2-8004-Key.pem |   5 +
 ...Chip-Test-DAC-FFF1-8000-0000-2CDPs-Key.der | Bin 121 -> 121 bytes
 ...Chip-Test-DAC-FFF1-8000-0000-2CDPs-Key.pem |   6 +-
 ...000-0000-CDP-2CRLIssuers-PAA-FFF1-Cert.der | Bin 0 -> 674 bytes
 ...000-0000-CDP-2CRLIssuers-PAA-FFF1-Cert.pem |  17 +
 ...8000-0000-CDP-2CRLIssuers-PAA-FFF1-Key.der | Bin 0 -> 121 bytes
 ...8000-0000-CDP-2CRLIssuers-PAA-FFF1-Key.pem |   5 +
 ...-Test-DAC-FFF1-8000-0000-CDP-2DPs-Cert.der | Bin 0 -> 594 bytes
 ...-Test-DAC-FFF1-8000-0000-CDP-2DPs-Cert.pem |  15 +
 ...p-Test-DAC-FFF1-8000-0000-CDP-2DPs-Key.der | Bin 0 -> 121 bytes
 ...p-Test-DAC-FFF1-8000-0000-CDP-2DPs-Key.pem |   5 +
 ...Test-DAC-FFF1-8000-0000-CDP-2URIs-Cert.der | Bin 590 -> 585 bytes
 ...Test-DAC-FFF1-8000-0000-CDP-2URIs-Cert.pem |  18 +-
 ...-Test-DAC-FFF1-8000-0000-CDP-2URIs-Key.der | Bin 121 -> 121 bytes
 ...-Test-DAC-FFF1-8000-0000-CDP-2URIs-Key.pem |   6 +-
 ...0000-CDP-CRL-Issuer-PAA-FFF1-2DPs-Cert.der | Bin 0 -> 718 bytes
 ...0000-CDP-CRL-Issuer-PAA-FFF1-2DPs-Cert.pem |  17 +
 ...-0000-CDP-CRL-Issuer-PAA-FFF1-2DPs-Key.der | Bin 0 -> 121 bytes
 ...-0000-CDP-CRL-Issuer-PAA-FFF1-2DPs-Key.pem |   5 +
 .../Chip-Test-DAC-FFF1-8000-0000-CDP-Cert.der | Bin 551 -> 552 bytes
 .../Chip-Test-DAC-FFF1-8000-0000-CDP-Cert.pem |  16 +-
 ...Test-DAC-FFF1-8000-0000-CDP-HTTPS-Cert.der | Bin 553 -> 552 bytes
 ...Test-DAC-FFF1-8000-0000-CDP-HTTPS-Cert.pem |  14 +-
 ...-Test-DAC-FFF1-8000-0000-CDP-HTTPS-Key.der | Bin 121 -> 121 bytes
 ...-Test-DAC-FFF1-8000-0000-CDP-HTTPS-Key.pem |   6 +-
 ...FF1-8000-0000-CDP-Issuer-PAA-FFF1-Cert.der | Bin 0 -> 616 bytes
 ...FF1-8000-0000-CDP-Issuer-PAA-FFF1-Cert.pem |  15 +
 ...FFF1-8000-0000-CDP-Issuer-PAA-FFF1-Key.der | Bin 0 -> 121 bytes
 ...FFF1-8000-0000-CDP-Issuer-PAA-FFF1-Key.pem |   5 +
 ...F1-8000-0000-CDP-Issuer-PAA-NoVID-Cert.der | Bin 0 -> 594 bytes
 ...F1-8000-0000-CDP-Issuer-PAA-NoVID-Cert.pem |  15 +
 ...FF1-8000-0000-CDP-Issuer-PAA-NoVID-Key.der | Bin 0 -> 121 bytes
 ...FF1-8000-0000-CDP-Issuer-PAA-NoVID-Key.pem |   5 +
 ...000-0000-CDP-Issuer-PAI-FFF2-8004-Cert.der | Bin 0 -> 618 bytes
 ...000-0000-CDP-Issuer-PAI-FFF2-8004-Cert.pem |  15 +
 ...8000-0000-CDP-Issuer-PAI-FFF2-8004-Key.der | Bin 0 -> 121 bytes
 ...8000-0000-CDP-Issuer-PAI-FFF2-8004-Key.pem |   5 +
 ...000-CDP-Issuer-PAI-FFF2-8004-Long-Cert.der | Bin 0 -> 656 bytes
 ...000-CDP-Issuer-PAI-FFF2-8004-Long-Cert.pem |  16 +
 ...0000-CDP-Issuer-PAI-FFF2-8004-Long-Key.der | Bin 0 -> 121 bytes
 ...0000-CDP-Issuer-PAI-FFF2-8004-Long-Key.pem |   5 +
 .../Chip-Test-DAC-FFF1-8000-0000-CDP-Key.der  | Bin 121 -> 121 bytes
 .../Chip-Test-DAC-FFF1-8000-0000-CDP-Key.pem  |   6 +-
 ...-Test-DAC-FFF1-8000-0000-CDP-Long-Cert.der | Bin 599 -> 599 bytes
 ...-Test-DAC-FFF1-8000-0000-CDP-Long-Cert.pem |  14 +-
 ...p-Test-DAC-FFF1-8000-0000-CDP-Long-Key.der | Bin 121 -> 121 bytes
 ...p-Test-DAC-FFF1-8000-0000-CDP-Long-Key.pem |   6 +-
 ...C-FFF1-8000-0000-CDP-Wrong-Prefix-Cert.der | Bin 521 -> 555 bytes
 ...C-FFF1-8000-0000-CDP-Wrong-Prefix-Cert.pem |  21 +-
 ...AC-FFF1-8000-0000-CDP-Wrong-Prefix-Key.der | Bin 121 -> 121 bytes
 ...AC-FFF1-8000-0000-CDP-Wrong-Prefix-Key.pem |   6 +-
 .../Chip-Test-DAC-FFF1-8000-000A-Key.der      | Bin 121 -> 0 bytes
 .../test/gen-test-attestation-certs.sh        |  89 +-
 .../tests/CHIPAttCert_test_vectors.cpp        | 865 +++++++++++++++---
 .../tests/CHIPAttCert_test_vectors.h          |  45 +
 src/crypto/CHIPCryptoPAL.h                    |  10 +
 src/crypto/CHIPCryptoPALOpenSSL.cpp           |  80 +-
 src/crypto/CHIPCryptoPALPSA.cpp               | 123 ++-
 src/crypto/CHIPCryptoPALmbedTLS.cpp           | 123 ++-
 src/crypto/tests/CHIPCryptoPALTest.cpp        |  97 +-
 .../common/crypto/CHIPCryptoPALTinyCrypt.cpp  | 123 ++-
 .../crypto/CHIPCryptoPALNXPUltrafastP256.cpp  | 123 ++-
 .../silabs/SiWx917/CHIPCryptoPALTinyCrypt.cpp | 123 ++-
 .../silabs/efr32/CHIPCryptoPALPsaEfr32.cpp    | 123 ++-
 src/tools/chip-cert/CertUtils.cpp             |  14 +-
 src/tools/chip-cert/Cmd_GenAttCert.cpp        | 183 +++-
 src/tools/chip-cert/chip-cert.h               |  53 +-
 76 files changed, 2198 insertions(+), 301 deletions(-)
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAA-FFF1-Cert.der
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAA-FFF1-Cert.pem
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAA-FFF1-Key.der
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAA-FFF1-Key.pem
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAI-FFF2-8004-Cert.der
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAI-FFF2-8004-Cert.pem
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAI-FFF2-8004-Key.der
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAI-FFF2-8004-Key.pem
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2CRLIssuers-PAA-FFF1-Cert.der
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2CRLIssuers-PAA-FFF1-Cert.pem
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2CRLIssuers-PAA-FFF1-Key.der
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2CRLIssuers-PAA-FFF1-Key.pem
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2DPs-Cert.der
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2DPs-Cert.pem
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2DPs-Key.der
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2DPs-Key.pem
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-CRL-Issuer-PAA-FFF1-2DPs-Cert.der
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-CRL-Issuer-PAA-FFF1-2DPs-Cert.pem
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-CRL-Issuer-PAA-FFF1-2DPs-Key.der
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-CRL-Issuer-PAA-FFF1-2DPs-Key.pem
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-FFF1-Cert.der
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-FFF1-Cert.pem
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-FFF1-Key.der
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-FFF1-Key.pem
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-NoVID-Cert.der
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-NoVID-Cert.pem
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-NoVID-Key.der
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-NoVID-Key.pem
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Cert.der
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Cert.pem
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Key.der
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Key.pem
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Long-Cert.der
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Long-Cert.pem
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Long-Key.der
 create mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Long-Key.pem
 delete mode 100644 credentials/test/attestation/Chip-Test-DAC-FFF1-8000-000A-Key.der

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Cert.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Cert.der
index 880b441bd42cc6ca50f5790b0ad817706dc771c6..298ff89c7b2b448c565e0082144bfee5a74bf3b0 100644
GIT binary patch
delta 268
zcmV+n0rURU1lR-@FoFV9FoFU4paTK{0s;t9(5z>&4BnNI7w1N-fFYr=6LpAEu`JY=
z9@-Uf-kxn!w@Vr&e4!jxmv2b0^l=rs+9Gu>W*Ecp-WUk*Dqb$7<<6}T-P=K<f!Fh+
zfx$3=zLP`&DHPgbb`9Ce*wH96S(KYXnxWLxq8XEc0Z@N11_M<c9|S2dCom<TBcLIM
zA82%Ra5^t9Wq4t2aBO8RV{dIQbY*jNUt@A?E^uXSFbW0;DuzhTJp=;+14sZcMFJoP
zVe4n&OIbFu1VI#5ji#3f$D)<<iN9yh;!s3uV7!+CApqsp0GtRE$-?ZcZUx|PX;lHv
SI!V9IA5{o}&_PY{;!E>7NN(Q%

delta 245
zcmV<R01E%u1k?l<FoFV5FoFU0paTK{0s;t0ZTs6hUa~`x7w1MwtzPsY`iG(kYV?3y
z$F|Df5BJcpH8j%^Cz9Bl0pAn16#??Z1!$6+_?x>Z53pyG4NNFP`EybdS2>TiGLqb*
zfxR$+x|2i!DHKKA{58rMC~>3i7P1wKXdC0{ij0$i0Z=I{1_M<c9|R>ZBQPPLAD|tE
z8)$TNa5^t9Wq4t2aBO8RV{dIQV{&XVll}o0Ln=4`y*mIMNx-Rb7`Sl#O9@nK24M%U
v?UkDE3|j#!j{+e8;fYb`<L+#uJ!i6Dj2gZ6UzEIg-ZdL0A!<R~lCu#a=I&(X

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Cert.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Cert.pem
index e9568978ab1aea..3358474d6e9094 100644
--- a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Cert.pem
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Cert.pem
@@ -1,15 +1,15 @@
 -----BEGIN CERTIFICATE-----
-MIICUDCCAfagAwIBAgIISW372zteskMwCgYIKoZIzj0EAwIwRjEYMBYGA1UEAwwP
+MIICVDCCAfqgAwIBAgIIUtCsZ7IM3pUwCgYIKoZIzj0EAwIwRjEYMBYGA1UEAwwP
 TWF0dGVyIFRlc3QgUEFJMRQwEgYKKwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQB
 gqJ8AgIMBDgwMDAwIBcNMjEwNjI4MTQyMzQzWhgPOTk5OTEyMzEyMzU5NTlaMFQx
 JjAkBgNVBAMMHU1hdHRlciBUZXN0IERBQyAwMDAwIFR3byBDRFBzMRQwEgYKKwYB
 BAGConwCAQwERkZGMTEUMBIGCisGAQQBgqJ8AgIMBDgwMDAwWTATBgcqhkjOPQIB
-BggqhkjOPQMBBwNCAARKrV70IfqHoglq9IBcx7bK3w/30LA1NNMRJ5LYnAHfE7cV
-AfLEBWiSm/ibuygPsGeTDUwoQvlzUhJXOY+2MpLco4G9MIG6MAwGA1UdEwEB/wQC
-MAAwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBRF3Pw1yhkocaPuFrIVi2gb4+mK
-jDAfBgNVHSMEGDAWgBSvQrcJTevVFexuzzO4ERUiXzJSiDAsBgNVHR8EJTAjMCGg
-H6AdhhtodHRwczovL2V4YW1wbGUuY29tL2NybC5wZW0wLAYDVR0fBCUwIzAhoB+g
-HYYbaHR0cDovL2V4YW1wbGUuY29tL2NybDIucGVtMAoGCCqGSM49BAMCA0gAMEUC
-ICo4AL07AB1JwKlxGLhw/UsJVGsGYQev7ZWa7wxbASuPAiEA4YlR6OPubKM9Z7Jg
-jBq99l+UvHneNRsmIWpB3JKzESI=
+BggqhkjOPQMBBwNCAASsgCGhsRN1iFKxLNSXHtoVcN6ebVO3SxolfKEcVpdvSLD0
+cRW62iJ1LmYYw/DeGAjwKl4upeXOrRDd20Gjgdfzo4HBMIG+MAwGA1UdEwEB/wQC
+MAAwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTaYnYN2crY0SgzWZSbQpqh1NSi
+GTAfBgNVHSMEGDAWgBSvQrcJTevVFexuzzO4ERUiXzJSiDAsBgNVHR8EJTAjMCGg
+H6AdhhtodHRwczovL2V4YW1wbGUuY29tL2NybC5wZW0wMAYDVR0fBCkwJzAloCOg
+IYYfaHR0cDovL2V4YW1wbGUuY29tL3Rlc3RfY3JsLnBlbTAKBggqhkjOPQQDAgNI
+ADBFAiAHYetn4ktZNrIEQRRWjaaXCMeilfOJv2fP4lBEa2C8lwIhAOXWAJwIFMnC
+7KxuBeBvaVUBzjpJv84fVYHQQU3x4kvz
 -----END CERTIFICATE-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAA-FFF1-Cert.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAA-FFF1-Cert.der
new file mode 100644
index 0000000000000000000000000000000000000000..554445538704cc48fa15b0bb958ef67dfdef174c
GIT binary patch
literal 667
zcmXqLVw!Hy#ALgGnTe5!i6chIs{LE(4@CnmHV&;ek8`#x%uEJuh7ty1Y|No7%sl+Q
zi6teeMG7IQ#U%;>j-G}h210CH+H8z0j7^Jbm>79j+}zv@(L|YeSS$>HKtY_>$k4#d
z$imRX$k@a<N`l`K2n>ykfymU-)H2E-(a_ky5Mq-SvP~|I&I(`?jGSEpiWNMIi%Wry
z2yk>%z+xSKM?@M3v$2D{#>5EqBQqmAvl9bLr}4-0*Q$5FUfFeW{tQXUXu-l2_MXb$
zrf_}uq)@#q;(k<G{^YGc-o)*C+jB<gOSWKutGY^8yrx;Kv&LNa!|4@^8^0Sgelg$y
zx?fh9k?}tZlL3PPABe{f;sHaFy}>{h#OGrXV-XQp-;<iq{H}M|LbmGPmA{Q<t;<X@
zkOxUCvjD@pL1ewtc23{dS4H3Coj2YgD5?~16x3mm1X3W+5^WG^5WYZufoz*}MoCFQ
zv6a4lYDHphK~Ab(a(=FUa#4<6L2B+IlO;w51~_BS5iOpe0cT(Uu|v~9-9UAL@&d&+
zd5|4wR+Io!Ks?kQ<kZ6K!C>IZq{y(DLHg5grO!Sh$}A5f0%m+Pd7*x<<oJYNlLhR2
s7r*bD&ZJP%+vwHo&%&^Q_hIS(UF(vvVy6i_6ghS8x8iNxxsna;02G$OA^-pY

literal 0
HcmV?d00001

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAA-FFF1-Cert.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAA-FFF1-Cert.pem
new file mode 100644
index 00000000000000..7c9bd7d3e287ce
--- /dev/null
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAA-FFF1-Cert.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIIClzCCAj2gAwIBAgIIXCI6h/Z1+CEwCgYIKoZIzj0EAwIwRjEYMBYGA1UEAwwP
+TWF0dGVyIFRlc3QgUEFJMRQwEgYKKwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQB
+gqJ8AgIMBDgwMDAwIBcNMjEwNjI4MTQyMzQzWhgPOTk5OTEyMzEyMzU5NTlaMGEx
+MzAxBgNVBAMMKk1hdHRlciBUZXN0IERBQyAwMDAwIDJDRFBzIElzc3VlciBQQUEg
+RkZGMTEUMBIGCisGAQQBgqJ8AgEMBEZGRjExFDASBgorBgEEAYKifAICDAQ4MDAw
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEiTPxz9Z7u+upismfmBkZWxFxqD9J
+I/aUCvDyIHumWN9aZm+TtfjsXrrtjMwi9GsRUEUnJIpfKTZdQyidR8NneKOB9zCB
+9DAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUEK+MZWCD
+7o2moQZ7+3n7MpquaWIwHwYDVR0jBBgwFoAUr0K3CU3r1RXsbs8zuBEVIl8yUogw
+YgYDVR0fBFswWTBXoB+gHYYbaHR0cHM6Ly9leGFtcGxlLmNvbS9jcmwucGVtojSk
+MjAwMRgwFgYDVQQDDA9NYXR0ZXIgVGVzdCBQQUExFDASBgorBgEEAYKifAIBDARG
+RkYxMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9leGFtcGxlLmNvbS90ZXN0X2Ny
+bC5wZW0wCgYIKoZIzj0EAwIDSAAwRQIhALMAG/L7IvNMFCME4VhQmPE06CfedMeQ
++pMQPk2j746XAiB0jYFKg08EALAN4XX/uq5ial2WEOEUyt77IdstnRmARw==
+-----END CERTIFICATE-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAA-FFF1-Key.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAA-FFF1-Key.der
new file mode 100644
index 0000000000000000000000000000000000000000..6abefaeebc776dba9b8154c972f037db0f1934ef
GIT binary patch
literal 121
zcmV-<0EYiCcLD(c1R!=HR|g;o3`i3xUi?#Pv{CM5^26sM`$WUNc%WE$RokEn1_&yK
zNX|V20SBQ(13~}<i8Jxf)_c3_sfx*;m>C&c5pk$LNh9`@3h?qEd!|_5T4ryPwfO8_
by6ue2BJ^t!P(>#sieD)<T|+3HN5f}$RrE70

literal 0
HcmV?d00001

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAA-FFF1-Key.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAA-FFF1-Key.pem
new file mode 100644
index 00000000000000..f206bc9a74d358
--- /dev/null
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAA-FFF1-Key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIHYhVwcgCQxIEyle/FNqtFHuZfLD5yL7RMO9eKBYeVXboAoGCCqGSM49
+AwEHoUQDQgAEiTPxz9Z7u+upismfmBkZWxFxqD9JI/aUCvDyIHumWN9aZm+Ttfjs
+XrrtjMwi9GsRUEUnJIpfKTZdQyidR8NneA==
+-----END EC PRIVATE KEY-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAI-FFF2-8004-Cert.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAI-FFF2-8004-Cert.der
new file mode 100644
index 0000000000000000000000000000000000000000..d1d24277ebb1e99832532a87b4e44f0933de85f6
GIT binary patch
literal 719
zcmXqLVmfWm#8kL|nTe5!i6e*6Yv+^mw|oq^*f_M>JkHs&Ff$pr8A=$4u`!3TF!S*H
zCYF?>7Ab_J7MCalIC>h27znX(X|pl1Fg7i!VPfQAadUGsL=$D=VX-g(0tIniBSQl-
zBMU<lBV!ZeC<%T`ATTsC1|m~SQ_CoWTtj;UTZm0&$Tqn+IxB!paCQk$@GLGa1v&v}
zy8_TMBL$$@CJG_t`3gYEVl=DqJ1EjXn2jCmO(sUDf0-HCnVlF|7OYlXFP_1uvy%6v
zXMF2YKcDCJl0UNx<mxxn=Pyb+x_8|Pj@jz#oH+e=<R^;%KmY00(!Wb%9|%2K?Dbsq
zY+;-B;wDBpgC<5P10JAnWQ7?S|FbX|Fc|QGc>Ew9FkIOi3}iukJ{B<+5#6GoH(w4P
zn7;9)#F4A|uct@`-YYPW2T3cl07Jh)WWCdNPT$v8Mc?F|H{KyAsuXV&)M3!L6Qn|(
zrE#M{<2r-T1@a4I+oUr}N(zdt^z~CK5_1c3QuUJabM=#pa`XyPa~BycF)+|G)G^Qk
z>H|inGIAh;0@SxGGsOxVs=ft47AR<GWh_z(WA<P$aAi`cI=kD~e8)wBd^4jbVl90s
zr*@q#5IJlpu~BiG=MgEtcqT=L3C&Y>o;j{IwOWzy>uyPbzhACQJ2mZ6-Xghu6W{5a
Ho?Qe0A12or

literal 0
HcmV?d00001

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAI-FFF2-8004-Cert.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAI-FFF2-8004-Cert.pem
new file mode 100644
index 00000000000000..2fa675509e0c06
--- /dev/null
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAI-FFF2-8004-Cert.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyzCCAnGgAwIBAgIIbAFKueTP2kwwCgYIKoZIzj0EAwIwRjEYMBYGA1UEAwwP
+TWF0dGVyIFRlc3QgUEFJMRQwEgYKKwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQB
+gqJ8AgIMBDgwMDAwIBcNMjEwNjI4MTQyMzQzWhgPOTk5OTEyMzEyMzU5NTlaMG0x
+PzA9BgNVBAMMNk1hdHRlciBUZXN0IERBQyAwMDAwIENEUCBJc3N1ZXIgUEFJIEZG
+RjIgODAwNCBUd28gQ0RQczEUMBIGCisGAQQBgqJ8AgEMBEZGRjExFDASBgorBgEE
+AYKifAICDAQ4MDAwMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoKslrxdoASyp
+DelJX4WlTkznPxn5a3Aef7B/b6Jixb2uyAibJ65CCU+4b2EX/8/y2qX9pV3gEuKj
+SucVzXGGK6OCAR4wggEaMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMB0G
+A1UdDgQWBBQtclLs9MPAl7HpGMTVL+uUGVHecDAfBgNVHSMEGDAWgBSvQrcJTevV
+FexuzzO4ERUiXzJSiDCBuQYDVR0fBIGxMIGuMFWgH6AdhhtodHRwczovL2V4YW1w
+bGUuY29tL2NybC5wZW2iMqQwMC4xLDAqBgNVBAMMI01hdHRlciBUZXN0IFBBSSBN
+dmlkOkZGRjIgTXBpZDo4MDA0MFWgH6AdhhtodHRwczovL2V4YW1wbGUuY29tL2Ny
+bC5wZW2iMqQwMC4xLDAqBgNVBAMMI01hdHRlciBUZXN0IFBBSSBNdmlkOkZGRjIg
+TXBpZDo4MDA0MAoGCCqGSM49BAMCA0gAMEUCIHrNu003uNEQbzYy5BaEjmTKustw
+FMMxGLEhtknEGk5fAiEAkIOUuczHJpV7IQ71uxkQ/fTUlsqW0m6iHr6R7izLm3I=
+-----END CERTIFICATE-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAI-FFF2-8004-Key.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAI-FFF2-8004-Key.der
new file mode 100644
index 0000000000000000000000000000000000000000..0a87f1aac2ea43b45f309546a559a3781420a68d
GIT binary patch
literal 121
zcmV-<0EYiCcLD(c1RxYehn7Na69}R+XS~OUkfjVL_A(!uE^3;-qZ@0#&WfN41_&yK
zNX|V20SBQ(13~}<psOXX7ia-2sSW8#UxlSkOy@rt`D<_<f3SaVqGH9puE+?RC$2&X
bPq=Sk7yr-l+NJ%aUEmVpqe|x$&2fe+o{chq

literal 0
HcmV?d00001

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAI-FFF2-8004-Key.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAI-FFF2-8004-Key.pem
new file mode 100644
index 00000000000000..e97bdf13bffe85
--- /dev/null
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAI-FFF2-8004-Key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIBRFh5ZCbhMIojNnvMeHkKUMKPYyH5ouapq+oxtrv86KoAoGCCqGSM49
+AwEHoUQDQgAEoKslrxdoASypDelJX4WlTkznPxn5a3Aef7B/b6Jixb2uyAibJ65C
+CU+4b2EX/8/y2qX9pV3gEuKjSucVzXGGKw==
+-----END EC PRIVATE KEY-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Key.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Key.der
index 6db711ca7bde9c17d06f721587d41036be8165c0..93c8e6273c7a75ba62cbc3396bea6a8cb8b48b26 100644
GIT binary patch
literal 121
zcmV-<0EYiCcLD(c1Ryz9brvpQLO4@aF-Jk^Y{+q-4Y6J&cA;3M*uo1pGUA{L1_&yK
zNX|V20SBQ(13~}<tbie*u@iNOQn4)5mmb;`aNeG6Q@2YRC48YAR+n!`u=H^iy4oUj
bE@l|R@ZJ~*@G4#|rRC185Z&8Bqk-4+HIXqd

literal 121
zcmV-<0EYiCcLD(c1R$9DLf8*RoJGcPYNtuQA%Fq4*vQ%_#BN2{N?d5D-+rJ91_&yK
zNX|V20SBQ(13~}<O08b>A^L}+32O9!T*tP`-w*fDur)N(5hs$^oB`hxw-o{M#06-Q
boA{f%C=ak_lMPHLLiux25?48owlb335lu9W

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Key.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Key.pem
index 39a7c256c79722..db0e8adfd47fac 100644
--- a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Key.pem
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Key.pem
@@ -1,5 +1,5 @@
 -----BEGIN EC PRIVATE KEY-----
-MHcCAQEEIJj6QtgPRpxFxnBqp0m+IYABttjI2ijEbkXYSlxoqN9+oAoGCCqGSM49
-AwEHoUQDQgAESq1e9CH6h6IJavSAXMe2yt8P99CwNTTTESeS2JwB3xO3FQHyxAVo
-kpv4m7soD7Bnkw1MKEL5c1ISVzmPtjKS3A==
+MHcCAQEEIDlWdRYuYEI4U1YxR0HpbMhxoA2xXiV2oVil2MILNzLioAoGCCqGSM49
+AwEHoUQDQgAErIAhobETdYhSsSzUlx7aFXDenm1Tt0saJXyhHFaXb0iw9HEVutoi
+dS5mGMPw3hgI8CpeLqXlzq0Q3dtBo4HX8w==
 -----END EC PRIVATE KEY-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2CRLIssuers-PAA-FFF1-Cert.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2CRLIssuers-PAA-FFF1-Cert.der
new file mode 100644
index 0000000000000000000000000000000000000000..4118bf261aab7795ee799d15c048ca8641492ba4
GIT binary patch
literal 674
zcmXqLVwz{r#N@JonTe5!iG#;(=ZRyF`=SiE*f_M>JkHs&Ff$pr8A=$4u`!3TF!S*H
zCYF?>7Ab_J7MCalIC>h27znX(X|pl1Fg7i!VPfQAadUGsL=$D=VX-g(0tIniBSQl-
zBMU<lBV!ZeC<%T`ATTsC1|m~SQ_CoWBtsJeBZy7f$Tqn+IxB!paCQk$FjDX=E-p<i
zDh4{hQ2~p6_+1fcAk4-N_8Su;)RWAN?95IKEafg{v$lUusxjU)d#OX;3%0{$hRxhB
zzU_Ix<ZI;qH0cK$<07?BZaP*tt7YCRkwBq*&FW?P4*ATkM#t2fy8fkYUEKKBpz)Uh
z56}a$!i<dnS(pqM4ER7ieh?2Bl<W-#vLHSmix`VY!YlWawm&(3#4J7=tRR$~_?3%w
zuYo*BTA2kH;0+?{owjrOzP>8@ChxrQ4na|+c%z^WgT|R474j^N6Ac>s3>v!^$S;s>
zlg=n9DJZtm*H5iT%q_@C)l1IL)lV+U(JM&JU6irJ$iM(+6gr|s7Buk4(Sw|5m^~N_
zT$vPN8Vufx?t1sfqS@;a=fbyB0#oi!zo$D*Uf|l#uTMA4p24KZFeQGLRp05(Q$A(O
am>Dbh*>>*jQ<%r@Z1pWlku~w(a!vrpH^8O<

literal 0
HcmV?d00001

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2CRLIssuers-PAA-FFF1-Cert.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2CRLIssuers-PAA-FFF1-Cert.pem
new file mode 100644
index 00000000000000..0b0ec0b21ba4bd
--- /dev/null
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2CRLIssuers-PAA-FFF1-Cert.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICnjCCAkSgAwIBAgIIDD65yMbjjlowCgYIKoZIzj0EAwIwRjEYMBYGA1UEAwwP
+TWF0dGVyIFRlc3QgUEFJMRQwEgYKKwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQB
+gqJ8AgIMBDgwMDAwIBcNMjEwNjI4MTQyMzQzWhgPOTk5OTEyMzEyMzU5NTlaMGIx
+NDAyBgNVBAMMK01hdHRlciBUZXN0IERBQyAwMDAwIENEUCAyIElzc3VlcnMgUEFB
+IEZGRjExFDASBgorBgEEAYKifAIBDARGRkYxMRQwEgYKKwYBBAGConwCAgwEODAw
+MDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHdENpq382J8M7KbpUCO6AbDdjGD
+C+j2vO+k9Vm/ZhvgsV5ZK8myxnGahJ7qFFESbyl7pi9AbwNFMsYngor+ZrWjgf0w
+gfowDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0OBBYEFGDqR8k9
++Qj4XKPNUyASa2H1CgW9MB8GA1UdIwQYMBaAFK9CtwlN69UV7G7PM7gRFSJfMlKI
+MIGZBgNVHR8EgZEwgY4wgYugH6AdhhtodHRwczovL2V4YW1wbGUuY29tL2NybC5w
+ZW2iaKQyMDAxGDAWBgNVBAMMD01hdHRlciBUZXN0IFBBQTEUMBIGCisGAQQBgqJ8
+AgEMBEZGRjGkMjAwMRgwFgYDVQQDDA9NYXR0ZXIgVGVzdCBQQUExFDASBgorBgEE
+AYKifAIBDARGRkYxMAoGCCqGSM49BAMCA0gAMEUCIFyAMO8Vuu78OINK4gmh7ZRR
+ZN+X3i2WHxDW+fXlspuYAiEAlF+aOo7LicpMdqYDAXgPBrm9jiCeB0M69lohBWH+
+pwk=
+-----END CERTIFICATE-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2CRLIssuers-PAA-FFF1-Key.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2CRLIssuers-PAA-FFF1-Key.der
new file mode 100644
index 0000000000000000000000000000000000000000..4804d20a9b02c996a6e589260b0627e1642a8610
GIT binary patch
literal 121
zcmV-<0EYiCcLD(c1R!=gZY>asb2d-VThM`<<vq-hWMOqOm%rPJWpF&Z)61X=1_&yK
zNX|V20SBQ(13~}<cSJUtxAS6rGqRhdK#u4J!*(%)3+VQ|@1*rvzh)cYv0hm#$+E_A
bnuMO}6j2gyDSM_bKyL#@GR7x@ivDJ`&}TH$

literal 0
HcmV?d00001

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2CRLIssuers-PAA-FFF1-Key.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2CRLIssuers-PAA-FFF1-Key.pem
new file mode 100644
index 00000000000000..ab76ccba59e990
--- /dev/null
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2CRLIssuers-PAA-FFF1-Key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIHY6bi0QinM2T9Bb0IGb5T3MkGRhdTKXv9uKZXA8u9PLoAoGCCqGSM49
+AwEHoUQDQgAEd0Q2mrfzYnwzspulQI7oBsN2MYML6Pa876T1Wb9mG+CxXlkrybLG
+cZqEnuoUURJvKXumL0BvA0UyxieCiv5mtQ==
+-----END EC PRIVATE KEY-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2DPs-Cert.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2DPs-Cert.der
new file mode 100644
index 0000000000000000000000000000000000000000..58eb46a620f98182dd13c182c775bd515707da14
GIT binary patch
literal 594
zcmXqLV)8R+V*IjznTe5!i9;rCmP}yMgZBnpY#dr`9_MUXn3)XR3?&T2*qB3En0fep
z6H7``ixfgqi%S#&96b$1420OYwAmP07@HQ=FfsD5xVgC*qKPu`uvi!Xfr2=%k)eT^
zk%gg&k+F$!lmx#e5EvR61Cgnvsb!Qwtf9VvF2p7^WSd+ZofW_)gp}tiIJ*QWXn+_l
z0mYhVR^fL*q=7ISJJ?%Hj8OkEGqN)~F|f@3t|@e4N*J5vQfsHr?hebgdc4s)bvJ@}
z-HzgXqXV<eey$Nyc{%0NPZeh&=4^du9n~c}FLQ16ES=qHDRKX{&4R^^n+zJ)8}I<#
zE-TE)_@9NzfWd$d#N!9?fT76VU?2<P^RbAri1cU`Nz_;JT|1rl=#szWukiB*(-REj
zLDI@Bz_4x*S?{!+)A#jN(KmVLjduu&D#aTGbr|@A6v(r97`PcIE|6a!+a{e+Qc_TC
zrLUh_k(gVMld6}TpR1o-l%rRWnoEolq)2A=U@&lHQe=2`b^e_x(JL23UFhB(9Q#=0
zZPe5s@hiDP-aWaW?IAhuER%w%EaOym&C9tCxo_*gi-laOTtE4&M>F&0^L@@6U4KkH
F0RRQ)v1$MS

literal 0
HcmV?d00001

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2DPs-Cert.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2DPs-Cert.pem
new file mode 100644
index 00000000000000..5a900044e8eb34
--- /dev/null
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2DPs-Cert.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICTjCCAfSgAwIBAgIIHF6aHFFi4O8wCgYIKoZIzj0EAwIwRjEYMBYGA1UEAwwP
+TWF0dGVyIFRlc3QgUEFJMRQwEgYKKwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQB
+gqJ8AgIMBDgwMDAwIBcNMjEwNjI4MTQyMzQzWhgPOTk5OTEyMzEyMzU5NTlaMF0x
+LzAtBgNVBAMMJk1hdHRlciBUZXN0IERBQyAwMDAwIFR3byBDRFAgKFR3byBEUHMp
+MRQwEgYKKwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQBgqJ8AgIMBDgwMDAwWTAT
+BgcqhkjOPQIBBggqhkjOPQMBBwNCAASb9ykSyJRWBjmlO0LzR0CmtUjsLsrdWAOu
+uHNvMsCbNvmsFiTplPL5JEMSA2svQywlpLnTCrVJdZuJORjf2zygo4GyMIGvMAwG
+A1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBSMKnIYf3kO1sth
+4tJPGfpXzzCXYDAfBgNVHSMEGDAWgBSvQrcJTevVFexuzzO4ERUiXzJSiDBPBgNV
+HR8ESDBGMCGgH6AdhhtodHRwczovL2V4YW1wbGUuY29tL2NybC5wZW0wIaAfoB2G
+G2h0dHBzOi8vZXhhbXBsZS5jb20vY3JsLnBlbTAKBggqhkjOPQQDAgNIADBFAiEA
+5tWf3JRbqaBa0Iu3U13jFO1alfhfqQpU7uTfa0gZns0CIDUdAZUHKdNtQG3tf/cW
+VNJ5r5PNSIMDs8+OQ7FF+JXI
+-----END CERTIFICATE-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2DPs-Key.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2DPs-Key.der
new file mode 100644
index 0000000000000000000000000000000000000000..7ec21313ce8a161104bbd795bb139391fb85b8b8
GIT binary patch
literal 121
zcmV-<0EYiCcLD(c1Ry&wt4(y5acV)a@#X^uHCB9RLpq;o$}L=NzD~$|OgEqk1_&yK
zNX|V20SBQ(13~}<oA)Ua$dpzFIi)*7^G86YwMgtP%H3E4uDEk=GQgWQ`K%Ts>6G&M
bBtsGdYcE4AC8W923bjdfn~6CX-`hN(mew#e

literal 0
HcmV?d00001

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2DPs-Key.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2DPs-Key.pem
new file mode 100644
index 00000000000000..ec6200464d4953
--- /dev/null
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2DPs-Key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIDswq010l3FqQbHx5gMHNVZ8aEM6n2rKLVxtvk7IfEw3oAoGCCqGSM49
+AwEHoUQDQgAEm/cpEsiUVgY5pTtC80dAprVI7C7K3VgDrrhzbzLAmzb5rBYk6ZTy
++SRDEgNrL0MsJaS50wq1SXWbiTkY39s8oA==
+-----END EC PRIVATE KEY-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2URIs-Cert.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2URIs-Cert.der
index 3e725cc85cd818fade063a80fae48781c44d7d53..d33c10b313a0652d0d22cc791c4a623cc402274c 100644
GIT binary patch
delta 257
zcmV+c0sj8Z1jz&!FoFU_FoFT=paTK{0s;tm-04mEBOk_*7wtyHmz6HFEMSWc@nchQ
zow}@2gX|iPipoHYlJKHdMql8!Hpk*?z(DX=!k`p4cw683Qrm6!ebtATmso`;@wX+T
zfvhlrsgp_pDHJ{!gB6@AbId3t7VU$O67h##W(Sjp0U{Sk1_M<c9|S@$KrlX_JfJ#;
z8)$TNaC4Kt0Tu^_8)$TNaC4Kt0T)#Y1_&yKNX|V30|Em`05C-YApos0igb@f1fISt
z=EbFuxJj!3x@o*$$Uya8OQ`jMMEC+A4_V>;UvSNHf*p`;PV~oN+dSGosOVVH;pheH
H&lTyouitKy

delta 263
zcmV+i0r>vO1kMB(FoFU~FoFT_paTK{0s;tMJQSsNnpG{47wtycMnZPVidzq#NXw=N
z|Lv0Ys1p=tVfcHw0Pk!=Yv=*yr^U$WVhPI;1ZwZEjw=J1wkh=>146WnG<uPlhvQeH
zfw3@wu9HduDHP1CcnO-sf312BxdAN5^dg7}t6`Ie0U{Po1_M<c9|T7*MKB<s9-thC
z8fbKMaFf6R79TJnpdX+eh8t*fbZ|N^FJ*XPZE$R5E@N+PFJp3SGL!EC7DOOw6g0z3
z)3r<-r<=tHLg(Gp?YDTvqJ`<MRAK)eb~%3nApq@7;serJ)zfkNvrSx__r9qT)`&%3
NO5flwe+gtih`fFxZ<qi8

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2URIs-Cert.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2URIs-Cert.pem
index 966c5025d8811f..9ef90b3c13ada7 100644
--- a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2URIs-Cert.pem
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2URIs-Cert.pem
@@ -1,15 +1,15 @@
 -----BEGIN CERTIFICATE-----
-MIICSjCCAfCgAwIBAgIIXzwUpXaaVS0wCgYIKoZIzj0EAwIwRjEYMBYGA1UEAwwP
+MIICRTCCAeugAwIBAgIIedzpTfkjH8YwCgYIKoZIzj0EAwIwRjEYMBYGA1UEAwwP
 TWF0dGVyIFRlc3QgUEFJMRQwEgYKKwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQB
 gqJ8AgIMBDgwMDAwIBcNMjEwNjI4MTQyMzQzWhgPOTk5OTEyMzEyMzU5NTlaMFox
 LDAqBgNVBAMMI01hdHRlciBUZXN0IERBQyAwMDAwIENEUCAoVHdvIFVSSXMpMRQw
 EgYKKwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQBgqJ8AgIMBDgwMDAwWTATBgcq
-hkjOPQIBBggqhkjOPQMBBwNCAATaRkJ2yopbD59Iy6YH/+2S9qgTFGdh+Hu5AO9s
-Q2voAeanxcjpYgnLEQRq76+OKwOZtin1IANCtIw0epGZh+NXo4GxMIGuMAwGA1Ud
-EwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTMrHgJmsR/rXoOuQEs
-yPQiiAmrYTAfBgNVHSMEGDAWgBSvQrcJTevVFexuzzO4ERUiXzJSiDBOBgNVHR8E
-RzBFMCCgHqAchhpodHRwOi8vZXhhbXBsZS5jb20vY3JsLnBlbTAhoB+gHYYbaHR0
-cDovL2V4YW1wbGUuY29tL2NybDIucGVtMAoGCCqGSM49BAMCA0gAMEUCIGoUNMNM
-07VMHKebxQhC593V7bd4xaKF6a5UYf8ddjl/AiEA7U3iA9Ja1dNx+7NNXJz3vqkS
-1ohFXkrf4C9/CWQ/iLw=
+hkjOPQIBBggqhkjOPQMBBwNCAATFl5Uusyxgiw7xY1NxnbqsUoPsGo6KykCMkvCi
+VkZf4Lc2x+JrwEDwWMKgFDd4W9/5Uttt933Vh5eXWIUo8bclo4GsMIGpMAwGA1Ud
+EwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBQ+GIMVnCpzzCgkFu2D
+kBLxh15mBzAfBgNVHSMEGDAWgBSvQrcJTevVFexuzzO4ERUiXzJSiDBJBgNVHR8E
+QjBAMD6gPKA6hhtodHRwczovL2V4YW1wbGUuY29tL2NybC5wZW2GG2h0dHBzOi8v
+ZXhhbXBsZS5jb20vY3JsLnBlbTAKBggqhkjOPQQDAgNIADBFAiEArTGKdI9FBJ6+
+K+bFpZC4SasAumm8X8hA9V5LqPWBRPgCIA9Z4f1fcM1zgh2QbU70x2HbPNo/qOhY
+0eHoBevPFem4
 -----END CERTIFICATE-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2URIs-Key.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2URIs-Key.der
index db0b5753f9dd5c3514b46757b61af4db759a76ed..5aab47d59f2b3103fca827b99bcc2c4e61c60528 100644
GIT binary patch
literal 121
zcmV-<0EYiCcLD(c1R#4zU_zk8q(uh;F!jsX=RTdeE(69m3&U>9Ox7|IB>kWY1_&yK
zNX|V20SBQ(13~}<#g~;Xvn*hX4)J4Cah<xXQiJRoj*7}ajFRx8Rz_dow>HP(YrsJ8
bSi+zbH+Wm$`BK|$_kGoemzP+DDDk%?e@`|g

literal 121
zcmV-<0EYiCcLD(c1R%Y|%srch4HOG*9qRScx65PvarRDZsG9RMxtK$KZO5Pr1_&yK
zNX|V20SBQ(13~}<+D1Zl%8FYLpGeE52mkGo_NWsSXJPnzxd88MLu=>(=BLHT>0$}X
b5d>=QuZ}ANnYJnQAOk|Qj5K<YnTO+7dq_58

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2URIs-Key.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2URIs-Key.pem
index 63ce1fe337d991..ee83f6d2537196 100644
--- a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2URIs-Key.pem
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2URIs-Key.pem
@@ -1,5 +1,5 @@
 -----BEGIN EC PRIVATE KEY-----
-MHcCAQEEIL3FzD2bhQ0UC24d6vXSt8tj/HH2TmyomvM0uZhDfm3HoAoGCCqGSM49
-AwEHoUQDQgAE2kZCdsqKWw+fSMumB//tkvaoExRnYfh7uQDvbENr6AHmp8XI6WIJ
-yxEEau+vjisDmbYp9SADQrSMNHqRmYfjVw==
+MHcCAQEEIHtIYEKgxKRFBwIw9cvZ5z6duS4DxjgLw27LTNYyEiT9oAoGCCqGSM49
+AwEHoUQDQgAExZeVLrMsYIsO8WNTcZ26rFKD7BqOispAjJLwolZGX+C3Nsfia8BA
+8FjCoBQ3eFvf+VLbbfd91YeXl1iFKPG3JQ==
 -----END EC PRIVATE KEY-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-CRL-Issuer-PAA-FFF1-2DPs-Cert.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-CRL-Issuer-PAA-FFF1-2DPs-Cert.der
new file mode 100644
index 0000000000000000000000000000000000000000..9a5454f6b16a5399cb7019102a6c854a99570ab8
GIT binary patch
literal 718
zcmXqLVmf8e#8kL|nTe5!iNjeUG~(%m@KOUVHV&;ek8`#x%uEJuh7ty1Y|No7%sl+Q
zi6teeMG7IQ#U%;>j-G}h210CH+H8z0j7^Jbm>79j+}zv@(L|YeSS$>HKtY_>$k4#d
z$imRX$k@a<N`l`K2n>ykfymU-)H2E-)6m+$5@M4PvP~|I&I(`?oLvGGJd2A<fldf;
zbW{LYrl1j0p0D5%P^^h&Eq=#D8VIwogT2Va2=yy7BRjJb1553X=Cg5kiYi3rHE`P)
zs625!I%TI|>)FQ~5%qrSwzWpi%;H}s86Z1<^L|00z@wGZVy{K|&+71t$+r}&_@VtW
zd~p+_l0g%roB<EeC$hqfjQ?4f3>XafKs<gB4;ZHG4F<9xJ|Bx1i-=A0)-Izx3QTL8
zv!~w|cqr32ZDzlLJV;uZ1sL)TBI}*DbNar%D*7hxyzve}QKfjJpbmq^y&x6xER9<Y
z8aEk)FOXj#+a{e+Qc_TCrLUh_k(gVMld6}TpR1o-l%rRWn!CtkiIIT;&Zu<69(uGh
z7%7D@yE7QLFe#*O+{5?ychJG8{g!gyZrD6oVNlGtszP4;>-U$dZP+$-GAV>VX!H9a
g)_Zbez}M&tZ#Qx+5}y{9=buoyb*C)H%<f660X=8Tga7~l

literal 0
HcmV?d00001

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-CRL-Issuer-PAA-FFF1-2DPs-Cert.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-CRL-Issuer-PAA-FFF1-2DPs-Cert.pem
new file mode 100644
index 00000000000000..41e61730040441
--- /dev/null
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-CRL-Issuer-PAA-FFF1-2DPs-Cert.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyjCCAnGgAwIBAgIIQxhVWOWQV3UwCgYIKoZIzj0EAwIwRjEYMBYGA1UEAwwP
+TWF0dGVyIFRlc3QgUEFJMRQwEgYKKwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQB
+gqJ8AgIMBDgwMDAwIBcNMjEwNjI4MTQyMzQzWhgPOTk5OTEyMzEyMzU5NTlaMGkx
+OzA5BgNVBAMMMk1hdHRlciBUZXN0IERBQyAwMDAwIENEUCBJc3N1ZXIgUEFBIEZG
+RjEgKFR3byBEUHMpMRQwEgYKKwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQBgqJ8
+AgIMBDgwMDAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9+IPNXtxyeBSegAs8
+MCTkRcWUuRGFzeMIWH9OrraFWZlqD64ZUB2fs78RElHFeZZd1llPmohOXG85EXj4
+K+lXo4IBIjCCAR4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0O
+BBYEFDyDtYoyvCACrYNrl98Q4RyBlpmPMB8GA1UdIwQYMBaAFK9CtwlN69UV7G7P
+M7gRFSJfMlKIMIG9BgNVHR8EgbUwgbIwV6AfoB2GG2h0dHBzOi8vZXhhbXBsZS5j
+b20vY3JsLnBlbaI0pDIwMDEYMBYGA1UEAwwPTWF0dGVyIFRlc3QgUEFBMRQwEgYK
+KwYBBAGConwCAQwERkZGMTBXoB+gHYYbaHR0cHM6Ly9leGFtcGxlLmNvbS9jcmwu
+cGVtojSkMjAwMRgwFgYDVQQDDA9NYXR0ZXIgVGVzdCBQQUExFDASBgorBgEEAYKi
+fAIBDARGRkYxMAoGCCqGSM49BAMCA0cAMEQCIGexvA7j+1LBWr85HvbYPOSoMHMB
+qngfF/X36as8BrKJAiBX4IZO+BaNybFQ9VvQ7bEKoheWVm5PYHm1uR0ImYuSqw==
+-----END CERTIFICATE-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-CRL-Issuer-PAA-FFF1-2DPs-Key.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-CRL-Issuer-PAA-FFF1-2DPs-Key.der
new file mode 100644
index 0000000000000000000000000000000000000000..01aca914e0993da9c431691b56f0bb85698a10cb
GIT binary patch
literal 121
zcmV-<0EYiCcLD(c1RzzF(j|wCiua_0*$)wWJ9394LO1{x@JwwGN6ZDV<}aWM1_&yK
zNX|V20SBQ(13~}<efWdTUfgnc6rO+!JTN5WMa7i45rxg;2v~nkuC|3)nQ9NN8BiUc
bv%e7%QN?+dUDjDonutzZZ#fZo_$%pGr{6Eq

literal 0
HcmV?d00001

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-CRL-Issuer-PAA-FFF1-2DPs-Key.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-CRL-Issuer-PAA-FFF1-2DPs-Key.pem
new file mode 100644
index 00000000000000..46a29d94440698
--- /dev/null
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-CRL-Issuer-PAA-FFF1-2DPs-Key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIFWV0iWHjIr3pIPZDxF7O3KHJEI4ABbwTG0QR8wFsOYvoAoGCCqGSM49
+AwEHoUQDQgAEffiDzV7ccngUnoALPDAk5EXFlLkRhc3jCFh/Tq62hVmZag+uGVAd
+n7O/ERJRxXmWXdZZT5qITlxvORF4+CvpVw==
+-----END EC PRIVATE KEY-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Cert.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Cert.der
index 5733c1377e82ce6f883385cd16ccca1a28dad6f5..5ac428433b24761e1f55ba6993b110328edf42ef 100644
GIT binary patch
delta 200
zcmV;(05|`q1gHcTFoFUkFoFTepaTK{0s;s~|KI)YV;Vz|7wJGju6DP4-m8FIMR(Fy
zww|fxBu^-@!Fi9+J?vE64uqu(lAhfuzA@8=aV75+W}dy15$|SPbRjrs#I2mJ1XRhB
zKmjil?|6mam(vyf2|Ez3Rmt>l5fkT)lY;?UN=X1PMgk!KgQEI~upz3w{=x{a=8gU5
zD>@4}<EJnx`*E5W5dl_d0wDnX+5@ihW^gq3tD4wlK{``Kp%5CU$G#{t#Lm&&GYt*I
C6<O{8

delta 199
zcmV;&0671s1g8WSFoFUjFoFTepaTK{0s;teWo;XJE*7Mb7wJIb0Uq9;QChR<x|1dT
z@;jEzaa=m;IL?6{i2QBmtS}}c`=<trJ_*zQRGSgZUk+JpPTS5td!i>FxX_yPA)Y;x
zKmjilXhX;|qdA|LLKQx-tj{l%SYH}YlY;?UNk{-NMFJpYN=y?w$=Xd6cr~m1B-JeJ
zqo9wX^yccqu3$kQHua<eApoizp_3oHn*Y{EGOP0*sP+@VXCDtDq%mjWj-9NN9vC37
BRm}hZ

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Cert.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Cert.pem
index c4fb6b4f2ffcf2..79ff3bb3ec121b 100644
--- a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Cert.pem
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Cert.pem
@@ -1,14 +1,14 @@
 -----BEGIN CERTIFICATE-----
-MIICIzCCAcmgAwIBAgIIcWVtG3ouFqQwCgYIKoZIzj0EAwIwRjEYMBYGA1UEAwwP
+MIICJDCCAcmgAwIBAgIISP/f/e5jGkMwCgYIKoZIzj0EAwIwRjEYMBYGA1UEAwwP
 TWF0dGVyIFRlc3QgUEFJMRQwEgYKKwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQB
 gqJ8AgIMBDgwMDAwIBcNMjEwNjI4MTQyMzQzWhgPOTk5OTEyMzEyMzU5NTlaMFYx
 KDAmBgNVBAMMH01hdHRlciBUZXN0IERBQyAwMDAwIENEUCAoSFRUUCkxFDASBgor
 BgEEAYKifAIBDARGRkYxMRQwEgYKKwYBBAGConwCAgwEODAwMDBZMBMGByqGSM49
-AgEGCCqGSM49AwEHA0IABOMBHt6fUVqz6bqTJf7yO5bNcVw66jjOgR6I/G3nrDAm
-I/unBos+CdP+VJsRzF8OWWxO284+e6InH7jQmvQhnj2jgY4wgYswDAYDVR0TAQH/
-BAIwADAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0OBBYEFGhDyDOjOZ+YQhU+sazPL5VY
-XxpQMB8GA1UdIwQYMBaAFK9CtwlN69UV7G7PM7gRFSJfMlKIMCsGA1UdHwQkMCIw
-IKAeoByGGmh0dHA6Ly9leGFtcGxlLmNvbS9jcmwucGVtMAoGCCqGSM49BAMCA0gA
-MEUCIGVKTBM7ydpNFHg1q/wk1Szso6CPovTm6sKuYEEfNvWkAiEAqhyhkx+8mv/W
-RzKr8x6o9hPBZx8PIqQxZ+KOnayTHhg=
+AgEGCCqGSM49AwEHA0IABEGudrd83quAXEV30le2nqnmJE8oscF5j9A97FTcDoSl
+C5Ke3Sm+MdOGcSXvFWaevZMR72ZcdCE4aMStnK4EVMmjgY4wgYswDAYDVR0TAQH/
+BAIwADAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0OBBYEFO94heCX0xX9CTsQrlXJ9HAR
+E+eNMB8GA1UdIwQYMBaAFK9CtwlN69UV7G7PM7gRFSJfMlKIMCsGA1UdHwQkMCIw
+IKAeoByGGmh0dHA6Ly9leGFtcGxlLmNvbS9jcmwucGVtMAoGCCqGSM49BAMCA0kA
+MEYCIQCDovqIsCGqvf7CCK/mjf3nKzoLOOOnMCr7cZoYEQFWaQIhAP3aA67zZnA0
+96ua2GVBOlNFoRAap8e+KDPEztHcMw0N
 -----END CERTIFICATE-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-HTTPS-Cert.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-HTTPS-Cert.der
index 4022bc555b649404577903adf8a6f3eeecae6549..7ea6546c058ccb6b5d16e5bbbb816ff6ac82dfb4 100644
GIT binary patch
delta 198
zcmV;%06G7u1gHcTFoFUkFoFTgpaTK{0s;sZ{%vdNzS0ws7wSOjxJKQ5ABa!q7m6Z5
zr{7&M^tl_xyLt$83AvdyD$fJ1$V`%3_QC-o?&wW^ffBpU!ZG8tA{w1x7~FYFZoP+-
zK>;rm<G!aUmfZJixv=pa87sOM>0C1SlY{|WNJjuLL;@fx$7)vBq`7`}ER|4*LE_a^
zRT>75$T9}lvVY~SRd!wiARxP?Nyp8dzGMsNENG+rHn6bm^<QxPv3#;cfdGTnb#Jj+
A&Hw-a

delta 199
zcmV;&0671s1gQiUFoFUlFoFTgpaTK{0s;s$s6ktOKPw)Q7wSOSD<s}gYmUu6Xky-n
z{5$u4a1n9G3t5c+UjlyuxFF~H2fEbc*uEwl2>UUW)u=RrIw;IX1GmK$eiWWws(1yH
zK>;rmqXIMdZ$Qx+#b1D>z^N)wZ|a{hlY{|WNk{-NMFJpG?CRP)T}!u6%jfvf30V@<
z$mRPV?=U1E&y|BIK+u{3Apo^kUc9FpgnoC`)zLu)yNACwosy)T>WvVf;fqKRE+5(D
BR(b#c

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-HTTPS-Cert.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-HTTPS-Cert.pem
index 1cc3bfe2334852..039ba4be4caec0 100644
--- a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-HTTPS-Cert.pem
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-HTTPS-Cert.pem
@@ -1,14 +1,14 @@
 -----BEGIN CERTIFICATE-----
-MIICJTCCAcugAwIBAgIINKhBW30/Kx4wCgYIKoZIzj0EAwIwRjEYMBYGA1UEAwwP
+MIICJDCCAcugAwIBAgIIF/5ta+m+0hMwCgYIKoZIzj0EAwIwRjEYMBYGA1UEAwwP
 TWF0dGVyIFRlc3QgUEFJMRQwEgYKKwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQB
 gqJ8AgIMBDgwMDAwIBcNMjEwNjI4MTQyMzQzWhgPOTk5OTEyMzEyMzU5NTlaMFcx
 KTAnBgNVBAMMIE1hdHRlciBUZXN0IERBQyAwMDAwIENEUCAoSFRUUFMpMRQwEgYK
 KwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQBgqJ8AgIMBDgwMDAwWTATBgcqhkjO
-PQIBBggqhkjOPQMBBwNCAATZKyTeUWuOzT5oYt6H/Dv3fnARcccLWYz/XwJ/Argg
-5/oHutTk2L4mHAj7MZXVqDSCOijMRwO3xRV+FJ5eqngFo4GPMIGMMAwGA1UdEwEB
-/wQCMAAwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBSjAjP4b0DRGsVfgKXAqSpQ
-b+qfMTAfBgNVHSMEGDAWgBSvQrcJTevVFexuzzO4ERUiXzJSiDAsBgNVHR8EJTAj
+PQIBBggqhkjOPQMBBwNCAATquEbdfR+IT+cXiiJBp99dMfS5G8a7egh0CbmZNSrP
+A67ITJJb9sIBIu7oTX6BErvOwjHjtCIanWEY3HlLbr2Ho4GPMIGMMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTjvqcpltz3a7mw8R0ZK7oX
+6Vwy+DAfBgNVHSMEGDAWgBSvQrcJTevVFexuzzO4ERUiXzJSiDAsBgNVHR8EJTAj
 MCGgH6AdhhtodHRwczovL2V4YW1wbGUuY29tL2NybC5wZW0wCgYIKoZIzj0EAwID
-SAAwRQIgU+zq2jxdS7dQy+f40QlZEtTI5fsf7zAkH8+VgylA0JoCIQC1V168pxuE
-fnfV1dFBBruHvzedkqSd6o0QoOGLSBAuHw==
+RwAwRAIgKsdqVtekuX52LJVQiEHi1VRVGgaPyDIG2LJ/5a5Vdl4CICC7pUnHzZ2+
+ZAvoLGij/DawsO31X3D9sXyyRYEAg9Z1
 -----END CERTIFICATE-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-HTTPS-Key.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-HTTPS-Key.der
index 1c41899873d8c2a1116df4bcc95e42d297aeaa22..7dfce53143d887feb3b4a7af2f620c2086ddf255 100644
GIT binary patch
literal 121
zcmV-<0EYiCcLD(c1R!@tC(=04+B*2u<&CB_X?bnE`HB4M)`14%?H<ZJDEFWW1_&yK
zNX|V20SBQ(13~}<>bOSTeIJNV=NF11L8sqcG4#0`#=Ck5bP2hcH7d^ouE<Q1TlT^M
bBJSu-et{CZ&cZR{v?3avVHn(bOK!b~#6>p>

literal 121
zcmV-<0EYiCcLD(c1Rw;Y6$6Gj(N1ELZ$=toRo9~n3*4+~n9cZ$7H}$ZpF5xm1_&yK
zNX|V20SBQ(13~}<*()U8QEQIPK4@azhx|MDesB?S#|v4E|6c-s0=OXO`Ukqy<k-F@
b90>a{mDQ*;f;uS7M+3LT6@C<+UaEKnvjQ;2

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-HTTPS-Key.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-HTTPS-Key.pem
index ccd6216112c5e8..06aa1bcc785316 100644
--- a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-HTTPS-Key.pem
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-HTTPS-Key.pem
@@ -1,5 +1,5 @@
 -----BEGIN EC PRIVATE KEY-----
-MHcCAQEEIASkFQOGOdFOYpJvRhpiVdejCwvcrGqYzfiLFnAqcp87oAoGCCqGSM49
-AwEHoUQDQgAE2Ssk3lFrjs0+aGLeh/w7935wEXHHC1mM/18CfwK4IOf6B7rU5Ni+
-JhwI+zGV1ag0gjoozEcDt8UVfhSeXqp4BQ==
+MHcCAQEEIHdGJ9I40do6+NTljaY1aXltvfmJ/OrWgQbi7R7KPCj3oAoGCCqGSM49
+AwEHoUQDQgAE6rhG3X0fiE/nF4oiQaffXTH0uRvGu3oIdAm5mTUqzwOuyEySW/bC
+ASLu6E1+gRK7zsIx47QiGp1hGNx5S269hw==
 -----END EC PRIVATE KEY-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-FFF1-Cert.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-FFF1-Cert.der
new file mode 100644
index 0000000000000000000000000000000000000000..86107412c50400d26fda3e2ae5c9d9452cdd2dcd
GIT binary patch
literal 616
zcmXqLVoEV+V&YuD%*4pV#39afM8J3Jl=B8$Y#dr`9_MUXn3)XR3?&T2*qB3En0fep
z6H7``ixfgqi%S#&96b$1420OYwAmP07@HQ=FfsD5xVgC*qKPu`uvi!Xfr2=%k)eT^
zk%gg&k+F$!lmx#e5EvR61Cgnvsb!QwyrH3iKEx&sWSd+ZofW_)IJ*QWcor9z0-X@x
z=%|3jGW<@6G!SNE2YZZ(5$Z!`Ms{W=1{Sl+YInDOc>HYFS!?6pp{(zBo?3k1{oFv=
zzDh;C%p=Q_cNknN46v*^yU6d@zo2uyr4`%yOS^BXX)ki&e*7cOeZ}I&qXvzK40wR9
zmlbAY{LjK<z+k`!;_-ucz;I-5FpvfD`B=nQL@sgsS-ZVoIPQxi*QakDhE0_mRqqVs
zLDI@Bz|d|GS?{!+)A#jN(KmVLjduu&D#aTGbr>Xp6v(qg8$=p}FOXj#+a{e+Qc_TC
zrLUh_k(gVMld6}TpR1o-l%rRWn!CtkiIIT;&bV_#izR5lA;&zkCxd|-lOn^b3r)=q
z>QBTc>+#-Ed&(pB^RHUNv^mDV9M1eWqV)0jcc7Bx92?@Eb*tUVO>s%w<1~L!e3<Sf
R?Zu(XXPT?+wEV4i0RR9Nw9^0p

literal 0
HcmV?d00001

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-FFF1-Cert.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-FFF1-Cert.pem
new file mode 100644
index 00000000000000..a6cf14d4fa227b
--- /dev/null
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-FFF1-Cert.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICZDCCAgmgAwIBAgIIFwLEEE21lM8wCgYIKoZIzj0EAwIwRjEYMBYGA1UEAwwP
+TWF0dGVyIFRlc3QgUEFJMRQwEgYKKwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQB
+gqJ8AgIMBDgwMDAwIBcNMjEwNjI4MTQyMzQzWhgPOTk5OTEyMzEyMzU5NTlaMF8x
+MTAvBgNVBAMMKE1hdHRlciBUZXN0IERBQyAwMDAwIENEUCBJc3N1ZXIgUEFBIEZG
+RjExFDASBgorBgEEAYKifAIBDARGRkYxMRQwEgYKKwYBBAGConwCAgwEODAwMDBZ
+MBMGByqGSM49AgEGCCqGSM49AwEHA0IABDbTJt218OPmus07M/tVBe+5yqPA751R
+HY55IS5pxKdjuDDWcVA5es2iTsb+Us6NdXi2j3WL2SYrokQL4/heR6ijgcUwgcIw
+DAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0OBBYEFNII/K23jxNe
+9BkK8vZIMYJ5CHruMB8GA1UdIwQYMBaAFK9CtwlN69UV7G7PM7gRFSJfMlKIMGIG
+A1UdHwRbMFkwV6AfoB2GG2h0dHBzOi8vZXhhbXBsZS5jb20vY3JsLnBlbaI0pDIw
+MDEYMBYGA1UEAwwPTWF0dGVyIFRlc3QgUEFBMRQwEgYKKwYBBAGConwCAQwERkZG
+MTAKBggqhkjOPQQDAgNJADBGAiEA6tCCg0An5BeTLg3cJuUMFvn9JoCWnDP6QMz4
+xCLxx/cCIQCnCLBe5osm2m1kRGG8Qp+iX1Yt0iujVaeZNya5Ofsu0A==
+-----END CERTIFICATE-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-FFF1-Key.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-FFF1-Key.der
new file mode 100644
index 0000000000000000000000000000000000000000..a50eb62b5788522dd09c4cbc43b030a1ff2ecb12
GIT binary patch
literal 121
zcmV-<0EYiCcLD(c1RxOY0N(I>UL7m5Bu9X7Z2q?U=PFfMz&dl&sh>E1&Yz$P1_&yK
zNX|V20SBQ(13~}<Hq$2EweaKSy3IQ?`&9++xyqx!@10Q{j(H(2X~d^vxG>gnP&s<d
bqE5#CQqGNac(#vqi`gbCqC^Yh_+Ce-aiusp

literal 0
HcmV?d00001

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-FFF1-Key.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-FFF1-Key.pem
new file mode 100644
index 00000000000000..899b1bcebb6c79
--- /dev/null
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-FFF1-Key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIBDtAN7we14dK7MkR4BwbP62++cqVVnAOnPTqZ84f86foAoGCCqGSM49
+AwEHoUQDQgAENtMm3bXw4+a6zTsz+1UF77nKo8DvnVEdjnkhLmnEp2O4MNZxUDl6
+zaJOxv5Szo11eLaPdYvZJiuiRAvj+F5HqA==
+-----END EC PRIVATE KEY-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-NoVID-Cert.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-NoVID-Cert.der
new file mode 100644
index 0000000000000000000000000000000000000000..fe055874b7c51e31e574ce16301f5f2ce44438ac
GIT binary patch
literal 594
zcmXqLV)8R+V*IjznTe5!iNkA#=#`y!&lekTv2kd%d7QIlVP-OLGn6n8V`C0wVdmlY
zO)M!%Em8<cEiO?AaP%}3F%V+o(q?01VQgAd!^FtL;^yXNh$hO!!(w3o1PbE3MurAv
zMiz!9M#d(_Q4;)?KwxNO3`C}urj}6#35G@n1`wMxk!^BubXEYH;Or8h;8|Q;3Uoq%
zqoaafewe2Vnr-;q5NROH#t!xw6C>1%%#7^JP7Ewr+Ha4GZB0(8OS?VGPWP<qhy4-0
zt;;Xn|M7og$=0iJ^)ew-_SIG&c{E3`VU~h<VrZVFXsMj6g4F71bvAGI{8n7txZa>~
zjR6nP`Le={jQ?4f3>XafKs<gB4;YZ_4F<9xJ|Bx1i-^LCz^#!{-G&;O%**UgnlXr5
z9<Vcz2T3cl0E4?hWWCdNPT$v8Mc?F|H{KyAsuXV&)M4NQQXtRbYT#_(xIlh^Y@2jO
zNl8JmmA-yzMPhD2PO4sVey)CUQI1|gYVIPrB{Bw5I3v#yIg*(@7z|vQ6d9T?UwQgf
z<&{{Di0fM?j-`*)e*C|?{o}$N=XZXxU_10wo=KrTBCTiA&YP=#ZJfN_py`oi>&*E|
RHx4}DOOu?-!KM)8000sTuPgun

literal 0
HcmV?d00001

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-NoVID-Cert.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-NoVID-Cert.pem
new file mode 100644
index 00000000000000..03a69bccb767b6
--- /dev/null
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-NoVID-Cert.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICTjCCAfSgAwIBAgIISpgV1Lndz3MwCgYIKoZIzj0EAwIwRjEYMBYGA1UEAwwP
+TWF0dGVyIFRlc3QgUEFJMRQwEgYKKwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQB
+gqJ8AgIMBDgwMDAwIBcNMjEwNjI4MTQyMzQzWhgPOTk5OTEyMzEyMzU5NTlaMGAx
+MjAwBgNVBAMMKU1hdHRlciBUZXN0IERBQyAwMDAwIENEUCBJc3N1ZXIgUEFBIE5v
+VklEMRQwEgYKKwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQBgqJ8AgIMBDgwMDAw
+WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARqK+3HFrVjZH5m25o+Lc1F8L9YTYWn
+0t/4/7F0tdVefxxUlL59e8TinBGAmiA3YVVuORV1Hh0gGquWfjzsvPsho4GvMIGs
+MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBQgqFG1WVqL
+MShpA6Y/yTYAFznAPjAfBgNVHSMEGDAWgBSvQrcJTevVFexuzzO4ERUiXzJSiDBM
+BgNVHR8ERTBDMEGgH6AdhhtodHRwczovL2V4YW1wbGUuY29tL2NybC5wZW2iHqQc
+MBoxGDAWBgNVBAMMD01hdHRlciBUZXN0IFBBQTAKBggqhkjOPQQDAgNIADBFAiEA
+g9PU5fUk6hZsFEXtQgil4yb4/9238aG4z7nyOAbC5R8CIH9YZoySudmq+rGTtzCC
+4jmFmZ8i2MDgDmYZnQgGIFJA
+-----END CERTIFICATE-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-NoVID-Key.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-NoVID-Key.der
new file mode 100644
index 0000000000000000000000000000000000000000..e52705cea55248b1edf60d1d5c56607b4feb931a
GIT binary patch
literal 121
zcmV-<0EYiCcLD(c1RzG)pB;^5piOVDo9BBnY<o^+ABE7H0KWnQixTDb_=%tj1_&yK
zNX|V20SBQ(13~}<YAfx>7PVt!erDU6J}u2f@V{71g{RWr`2VqVwbfpK98{FPeS5^>
boDqPUAU9!EZaEco9vvVWtCoH|?7aISxui5N

literal 0
HcmV?d00001

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-NoVID-Key.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-NoVID-Key.pem
new file mode 100644
index 00000000000000..361e6d28861455
--- /dev/null
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-NoVID-Key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIEbZnx2NZaBNb6+b53sybHtOZR+F0JsAvwIDixLl9viJoAoGCCqGSM49
+AwEHoUQDQgAEaivtxxa1Y2R+ZtuaPi3NRfC/WE2Fp9Lf+P+xdLXVXn8cVJS+fXvE
+4pwRgJogN2FVbjkVdR4dIBqrln487Lz7IQ==
+-----END EC PRIVATE KEY-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Cert.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Cert.der
new file mode 100644
index 0000000000000000000000000000000000000000..5bc8d661076a02073293a0889bb769705e679d78
GIT binary patch
literal 618
zcmXqLVoEb;V&YlA%*4pV#1a4X7|Wgo#fb)7Y#dr`9_MUXn3)XR3?&T2*qB3En0fep
z6H7``ixfgqi%S#&96b$1420OYwAmP07@HQ=FfsD5xVgC*qKPu`uvi!Xfr2=%k)eT^
zk%gg&k+F$!lmx#e5EvR61Cgnvsb!QwilLc-3B)E{WSd+ZofW_)IJ*QWcor9z0-XS~
zT>)sBkpj?c6Eqv~yCc#-n2jCmJ0?b`H<=mPnVlF|(z<^LsOX;c>gPG!Tj<cVb-v5*
zm+CUlvSOvbJg)fGxJUBK>Z;RS#ykA1y&kx%d>prmC3wlSm8`5E!w&^z{`23yxbd(-
z;{gL6pciC?85#exFc~ly@PT;zARaI<*&7UGL3}<IF&2??4F{NvXCGs@^3&_X)ORT#
zG@Xnd8OVdAm05s6-XOBxX*;Ly>#L$~^3EIY5ENC4Hwx-7NB}92XNfcjHwaxIzd*K4
zI-{hdpx8=ZKeZw;w;(4~FF8L~Ke;GJuOKydk<k(Z13g0>11+E~U<4{72P-HDeakXa
ztia*uTL5H%0uwp%nLQW`T$vO&dM?lAes5sF9{2A22Aj3Z-W+%9ejYx%G<)r%dYuEd
qicE?OEzfMv9M<0FTTrf@_5aO5Em@OGhaY;L+qknsRcw!m^mzcPCb!N2

literal 0
HcmV?d00001

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Cert.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Cert.pem
new file mode 100644
index 00000000000000..983259f524e460
--- /dev/null
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Cert.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICZjCCAgygAwIBAgIIX/XGBLygc2EwCgYIKoZIzj0EAwIwRjEYMBYGA1UEAwwP
+TWF0dGVyIFRlc3QgUEFJMRQwEgYKKwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQB
+gqJ8AgIMBDgwMDAwIBcNMjEwNjI4MTQyMzQzWhgPOTk5OTEyMzEyMzU5NTlaMGQx
+NjA0BgNVBAMMLU1hdHRlciBUZXN0IERBQyAwMDAwIENEUCBJc3N1ZXIgUEFJIEZG
+RjIgODAwNDEUMBIGCisGAQQBgqJ8AgEMBEZGRjExFDASBgorBgEEAYKifAICDAQ4
+MDAwMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZov4ECQtzUqPDMONcUCCtZ9E
+++knHOZqXRv043j2gbwZ9Kt6y4ozuE47SuBEqeNeqgRTpJapBQXxV8JSaf5Pt6OB
+wzCBwDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUzoDA
+AjObxgDU+Urwle5k8ClCMuIwHwYDVR0jBBgwFoAUr0K3CU3r1RXsbs8zuBEVIl8y
+UogwYAYDVR0fBFkwVzBVoB+gHYYbaHR0cHM6Ly9leGFtcGxlLmNvbS9jcmwucGVt
+ojKkMDAuMSwwKgYDVQQDDCNNYXR0ZXIgVGVzdCBQQUkgTXZpZDpGRkYyIE1waWQ6
+ODAwNDAKBggqhkjOPQQDAgNIADBFAiAIjNObC+8wMAde7s+wPK2m7MdGi+dXm3Vr
+reJ/LMA9IQIhAITmPczDK75NcHcrav/swSodNNLD4UnOsbmIJRa8NBvP
+-----END CERTIFICATE-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Key.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Key.der
new file mode 100644
index 0000000000000000000000000000000000000000..a67c3deb440a4e0bc54064d11de4a51aec9f68b9
GIT binary patch
literal 121
zcmV-<0EYiCcLD(c1R(x&&?317*f@S~zakQv-rCyd$#@LAQ4|*4TIq&1q0FEP1_&yK
zNX|V20SBQ(13~}<W{da`BrVNKj|{_&aX^B#pG5oVCmiN#T^sb{c=mz38T6}q%Zf9&
bPCH8AM5*ImssvM{mZ=2=@mIo9Y5q^QBNsMD

literal 0
HcmV?d00001

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Key.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Key.pem
new file mode 100644
index 00000000000000..24e06cb2664d46
--- /dev/null
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIP500CK5Bdg4fm+/IhKa3tra58l4DLtRFBbdWumGNqHMoAoGCCqGSM49
+AwEHoUQDQgAEZov4ECQtzUqPDMONcUCCtZ9E++knHOZqXRv043j2gbwZ9Kt6y4oz
+uE47SuBEqeNeqgRTpJapBQXxV8JSaf5Ptw==
+-----END EC PRIVATE KEY-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Long-Cert.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Long-Cert.der
new file mode 100644
index 0000000000000000000000000000000000000000..f290ae6220838631153036dfab7363aab095e79e
GIT binary patch
literal 656
zcmXqLV(KwyVlrO9%*4pV#8I``VEHNeiBk=@*f_M>JkHs&Ff$pr8A=$4u`!3TF!S*H
zCYF?>7Ab_J7MCalIC>h27znX(X|pl1Fg7i!VPfQAadUGsL=$D=VX-g(0tIniBSQl-
zBMU<lBV!ZeC<%T`ATTsC1|m~SQ_Cm=YeQZGZir1RKKXg+Xa?aoKGHy#jUDW0CPt|1
znHkxcofueZFK`$**Z;oG&S~Lk*s^6$n45oXBg5JE#y=*_wA{C+H`r|Ib$K7&mHTD-
zTI%l>bjMs?eNFGNX=CPIBaSFjjk}AR7=;X)82Jo%fNql&W@P-&!eqc;zz5>-gLuGD
zVs9{z1@ZY<#8^aRKL<t5b$qZPN0^E2|H1I(MrXb+F^~sIE3*K@vO#3M({@hZ*H=Z~
z<efL(At<U8ZxqyF(6|<)LY}2@sX^l+gU0y_G8d$`rDl|r6ck(O>!(&E<`(3n>Lusr
z>X&3>7V830VxBHkST{dSH@PTBHzl*Uq$o3~v?Mb>Pq!dHGp_`wq9ir17{o8n$V|=v
z=`%Di)J@JvEGpIq>d`Am&0S=)#K1t$P{%+E=mcOqE2G7;f^S)7iWM+!jTC$ffGl8q
znjohUW_Jby7bXQ^jnBWV7H7Qn?=9Bf&98BuclD8%E`AI)EiJ7(3##}2XHtmenQ@g-
hBzBS2tNb^&Hh;M^XTM#+mf&W$J?9#wRZ5;%005C!#l`>t

literal 0
HcmV?d00001

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Long-Cert.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Long-Cert.pem
new file mode 100644
index 00000000000000..3e232f154bdfe4
--- /dev/null
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Long-Cert.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICjDCCAjOgAwIBAgIIerMwp8ofkZUwCgYIKoZIzj0EAwIwRjEYMBYGA1UEAwwP
+TWF0dGVyIFRlc3QgUEFJMRQwEgYKKwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQB
+gqJ8AgIMBDgwMDAwIBcNMjEwNjI4MTQyMzQzWhgPOTk5OTEyMzEyMzU5NTlaMDsx
+DTALBgNVBAMMBExvbmcxFDASBgorBgEEAYKifAIBDARGRkYxMRQwEgYKKwYBBAGC
+onwCAgwEODAwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH3QCDBDf/vXBwk4
+STGEtLxWRk99gQDN7zP4kpk5vryNUzaV1x9MDam/HI6Ef91wi1zTq9Yu4zWBab0y
+CFo1KN2jggESMIIBDjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAdBgNV
+HQ4EFgQUHfNSWZ1B4LBsEwIG/8FXpzLM96QwHwYDVR0jBBgwFoAUr0K3CU3r1RXs
+bs8zuBEVIl8yUogwga0GA1UdHwSBpTCBojCBn6BpoGeGZWh0dHBzOi8vZXhhbXBs
+ZS5jb20vdGhpcy1pcy1hbi1leGFtcGxlLW9mLWNybC1kaXN0cmlidXRpb24tcG9p
+bnQtZXh0ZW5zaW9uLXdoaWNoLWlzLTEwMS1jaGFycy9jcmwucGVtojKkMDAuMSww
+KgYDVQQDDCNNYXR0ZXIgVGVzdCBQQUkgTXZpZDpGRkYyIE1waWQ6ODAwNDAKBggq
+hkjOPQQDAgNHADBEAiATKPP6OqNo60+Ncy+7DyjPDavE6UROADyEhIW5cHu9/wIg
+XQyY1QEUXaI66m/s2rP00py/PnC0U4NGvM6BGyR05Dg=
+-----END CERTIFICATE-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Long-Key.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Long-Key.der
new file mode 100644
index 0000000000000000000000000000000000000000..d0d68ddb316e08aafcc19f5204c6aa262236dc60
GIT binary patch
literal 121
zcmV-<0EYiCcLD(c1R#WA8N|5!Sp->_Tp31cuuBe`|FV*O`Oa_aM}lh|&N!e71_&yK
zNX|V20SBQ(13~}<eb5LnLx20%2MIVyF@&_dRz^>KfdI|#Gx(C3IljD&Q#O^?A50CY
bzZ{N)f8B74T+^%8F5@+UX}vNCS~V!$OpY>G

literal 0
HcmV?d00001

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Long-Key.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Long-Key.pem
new file mode 100644
index 00000000000000..6c4c6ed8fa1805
--- /dev/null
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Long-Key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIIRhGcS4/FkEWZhcGUZqsEsOm/+ykn35zm/rR4JrHc44oAoGCCqGSM49
+AwEHoUQDQgAEfdAIMEN/+9cHCThJMYS0vFZGT32BAM3vM/iSmTm+vI1TNpXXH0wN
+qb8cjoR/3XCLXNOr1i7jNYFpvTIIWjUo3Q==
+-----END EC PRIVATE KEY-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Key.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Key.der
index 7d63f00c9bcfa480b6624c9304cdffeee1be57f2..1a2b0e85953ccc03e4f7aa5f096e367ea1e9d080 100644
GIT binary patch
literal 121
zcmV-<0EYiCcLD(c1Ry2&z*5wXYKQJk&UM=JW7c5#0XA68FjYPwxLcySz5}2N1_&yK
zNX|V20SBQ(13~}<L9TYUeBP^oTt#=%SGJz1<|I!jvB7zd&^_!_+zy1L3zDAQDZVk&
bhH)kD6=t5jlM(M`Ty!BgXvD3Yt^`!cRq8eu

literal 121
zcmV-<0EYiCcLD(c1Rw@k@)ma(=?@Yky6;3N@vzRsa<yN(2kM8{If<P2F>0U+1_&yK
zNX|V20SBQ(13~}<;{hJtpHW(~>AI68{_;DP&2d~h>Nw7U9*F#H=d3U$Bm1WYi#`d{
b{#2V0%wG;!Y);$GK6|1kAGpw(^dX)-&PX)-

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Key.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Key.pem
index 48fe09ad29812d..2a870d125cd900 100644
--- a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Key.pem
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Key.pem
@@ -1,5 +1,5 @@
 -----BEGIN EC PRIVATE KEY-----
-MHcCAQEEIAZZ8hZ3GOkPEiO670Qo8bDOxHK1X7sH6ofXOYmc9zFqoAoGCCqGSM49
-AwEHoUQDQgAE4wEe3p9RWrPpupMl/vI7ls1xXDrqOM6BHoj8beesMCYj+6cGiz4J
-0/5UmxHMXw5ZbE7bzj57oicfuNCa9CGePQ==
+MHcCAQEEICX4wFLUjmqH7k3OddrzY9Zg+QE2WM0wVT4huFuiur4DoAoGCCqGSM49
+AwEHoUQDQgAEQa52t3zeq4BcRXfSV7aeqeYkTyixwXmP0D3sVNwOhKULkp7dKb4x
+04ZxJe8VZp69kxHvZlx0IThoxK2crgRUyQ==
 -----END EC PRIVATE KEY-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Long-Cert.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Long-Cert.der
index 1ece300335a5fe455a5ab9cc6c3805be3d67b412..66fd52a1409ef8c720a4205b02a822ffc4340147 100644
GIT binary patch
delta 194
zcmV;z06qWL1lI%?FoFV8FoFU3paTK{0s;svjVwj3Xj4Uz7tTO$y)hH<P5`x38s#QB
zN8xK3cXjC!6r>>Z*?R43q?1(~rNGve`aZb`@iLlJyPaL-mrVMo#qh<%FpRDm#^HC9
zB>^uKs5Hy${clG@2IYN_eoXYOKYjd9lV|~}L?Hn1Rbe{I5zBVpbi?6tu4BufFSBeO
w1uGaN>Vsy+6cyS6AOR(>KXh+mk0$GF{>e!G`Zd+k=>%i(^NQB*klVKAgHDxPEdT%j

delta 194
zcmV;z06qWL1lI%?FoFV8FoFU3paTK{0s;sfZf#IOh5!eV7tTOKDEqi^LX0)yB(r~>
zfMf$-vdnV$@o^YaM#CWCsD-uU2?<{8g<pMAua}|FZ+3BPhc<p0h|ZxI*4OkUE5|RB
zB>^uK_Dp;6sJ7s`5RSd;PvQ1=e90^+lV|~}L?A;$VsuqSxDe|zJy|V3MuI$3^<f$C
whD73dOu9<ix3K~t0IyM(YD7&#p1K#fp<{J{Qwfvy7{YWIhtuZXN0Fq-q)OIS<p2Nx

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Long-Cert.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Long-Cert.pem
index 4cadfd7818c829..338be69c639d36 100644
--- a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Long-Cert.pem
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Long-Cert.pem
@@ -1,15 +1,15 @@
 -----BEGIN CERTIFICATE-----
-MIICUzCCAfmgAwIBAgIIHW5tUEGGAAcwCgYIKoZIzj0EAwIwRjEYMBYGA1UEAwwP
+MIICUzCCAfmgAwIBAgIILY0sRa5oU0UwCgYIKoZIzj0EAwIwRjEYMBYGA1UEAwwP
 TWF0dGVyIFRlc3QgUEFJMRQwEgYKKwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQB
 gqJ8AgIMBDgwMDAwIBcNMjEwNjI4MTQyMzQzWhgPOTk5OTEyMzEyMzU5NTlaMDsx
 DTALBgNVBAMMBExvbmcxFDASBgorBgEEAYKifAIBDARGRkYxMRQwEgYKKwYBBAGC
-onwCAgwEODAwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEMo+7hxQow14iSz
-f56AZANfssxy+PFxGFNGwyDhqIW15AkJXuyFX31Sr5eh0G92cWyHNn4ZiM6hGdbX
-9CUrxy+jgdkwgdYwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0O
-BBYEFPZMe/GotuC6EI6960/h9nd8ySwpMB8GA1UdIwQYMBaAFK9CtwlN69UV7G7P
+onwCAgwEODAwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABG+9MRPxTgC1VBrl
+JjpH4WsZd3XpEhSkIPTZeu1rpJNVHKXA1pX6PrkI8TKaVLudXeWXTPqoxfDFxDCM
+rhrG4XejgdkwgdYwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0O
+BBYEFKg0y+z9b0dDBuV9kH5M9K0/ffxPMB8GA1UdIwQYMBaAFK9CtwlN69UV7G7P
 M7gRFSJfMlKIMHYGA1UdHwRvMG0wa6BpoGeGZWh0dHBzOi8vZXhhbXBsZS5jb20v
 dGhpcy1pcy1hbi1leGFtcGxlLW9mLWNybC1kaXN0cmlidXRpb24tcG9pbnQtZXh0
 ZW5zaW9uLXdoaWNoLWlzLTEwMS1jaGFycy9jcmwucGVtMAoGCCqGSM49BAMCA0gA
-MEUCIENDYnRVRbgQ6zM9WS0/RoI8U/VhGfCGROJ5TLpK2rexAiEAr1GXakRNQ566
-F7ihY3WBUwmT9hjCdBiH0+beR5GkyaQ=
+MEUCIQDwVWE6yxHLdt90w+FyrmPLoC+zbB4FKxgk6oNmxhQV2gIgASWvP3RvYo8m
+623+yUj++jXV0ukEY/HzitbvkNu25oM=
 -----END CERTIFICATE-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Long-Key.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Long-Key.der
index 5282d103be84bb099731aa7daf90b5ddefd1c960..03cab3608d7d67917e92c12bf66e2d9cc224ec7e 100644
GIT binary patch
literal 121
zcmV-<0EYiCcLD(c1R$XV?Ksz`efx(biM8`JQRZHLXf^~hPJ3>er{s&2zxSXD1_&yK
zNX|V20SBQ(13~}<Z@n=S@lF7>R2t<bI!EDa8FzK*5)`B$^x1mtYowD^9Hqe4mHIxp
b2=OwSRJ)yB<(EwQsKxNb#4wDm8ph#w?eRBI

literal 121
zcmV-<0EYiCcLD(c1R&8=nWxs?I8%n5=A>*(QqeneSr*i)y-+5qtsZiDX6v8|1_&yK
zNX|V20SBQ(13~}<Ln!;WaYBqW;v}<wo`7TnU$V?{`0;TVQ%1ue;i!eR<OvC0?1f)_
bQm>bx&~J8eY=<^}8HmoI8P?bIB`e1-3>-Cd

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Long-Key.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Long-Key.pem
index d868b79ee31833..c39f44e59c369a 100644
--- a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Long-Key.pem
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Long-Key.pem
@@ -1,5 +1,5 @@
 -----BEGIN EC PRIVATE KEY-----
-MHcCAQEEINFUmafW3jhThp3mpGxLUtE7c1kW1Kq9UCaqrR5yeWbroAoGCCqGSM49
-AwEHoUQDQgAEQyj7uHFCjDXiJLN/noBkA1+yzHL48XEYU0bDIOGohbXkCQle7IVf
-fVKvl6HQb3ZxbIc2fhmIzqEZ1tf0JSvHLw==
+MHcCAQEEIKEE7TjXp337hySJtfM1UeZefmg2BDNOe26ap+SLlL/3oAoGCCqGSM49
+AwEHoUQDQgAEb70xE/FOALVUGuUmOkfhaxl3dekSFKQg9Nl67Wukk1UcpcDWlfo+
+uQjxMppUu51d5ZdM+qjF8MXEMIyuGsbhdw==
 -----END EC PRIVATE KEY-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Wrong-Prefix-Cert.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Wrong-Prefix-Cert.der
index 2ad2f7c7190a4dec4d7f1a22d134ac6d24ce157d..2315cfa58c79bfe7653be7bbba0b5096ae3fb312 100644
GIT binary patch
delta 256
zcmV+b0ssDq1giuWFoFUnFoFThpaTK{0s;tc*Z&LEq?kXE7k4pSF)lDH1_M<D0}Lfi
zVRUq5av)S?b95j?K|>%gFfcG6Lqt#@S8{J|XCP2=WoBu3kv}bw%Nju5%o5<-JsUZo
z|Hfv8{Te;m^w4zRvuabQy(}EF?fv+BaXiG1av61rxpCiLSsuvEPQG*cPv3B&2T8(&
zlG#6#B>^uKSV2DI?X53Frp*Scz-*&PUgp8^lV|~0N=X1PMgk!KwJ()ZMx6mTo36SK
zg{>*9iJp%X8XYZc_tXDZTm`u+0wDm`)!JT*>ox>iH4^wXJ+q*!j2#qwExSLJSjqK^
G<$!^zjcUvQ

delta 219
zcmV<103`pb1c?L}FoFUFFoFTApaTK{0s;td1_-L5*R5@l7k3alF%2*a1_M<D0}KRA
zZ*FIizehm)&B!UbVmExo$Fpvy!LN4B6~idJOKyz^c)D4CyYmX?61G>;`SQ6H_#;e*
z;-fqD=UH~(PHNCSg$vPSIrGnxMgcDr2QVD(i=IR#(&TQ&`a09ML>=$FlZgRXNk{-N
zMFJrJ=D3I+?GC1Jg1}&YM)t~t1Tm}Nk=7SofebjI<nTpz0w6gCU%vVMq#HM{%dz&~
V2@V=WJFISHEIZo41N76ZPIgCHU+Vw>

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Wrong-Prefix-Cert.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Wrong-Prefix-Cert.pem
index c53dbb8fbd6498..8cecc4118bc767 100644
--- a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Wrong-Prefix-Cert.pem
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Wrong-Prefix-Cert.pem
@@ -1,13 +1,14 @@
 -----BEGIN CERTIFICATE-----
-MIICBTCCAaugAwIBAgIIcAYIqqHXrW0wCgYIKoZIzj0EAwIwRjEYMBYGA1UEAwwP
+MIICJzCCAcygAwIBAgIIb9f/C9WkmD8wCgYIKoZIzj0EAwIwRjEYMBYGA1UEAwwP
 TWF0dGVyIFRlc3QgUEFJMRQwEgYKKwYBBAGConwCAQwERkZGMTEUMBIGCisGAQQB
-gqJ8AgIMBDgwMDAwIBcNMjEwNjI4MTQyMzQzWhgPOTk5OTEyMzEyMzU5NTlaMDsx
-DTALBgNVBAMMBExvbmcxFDASBgorBgEEAYKifAIBDARGRkYxMRQwEgYKKwYBBAGC
-onwCAgwEODAwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPzNyCm6Yjd8xsez
-bqfBr3bNFcMovEtujQd4ull/u/MK5xK2V9L58rkV+CNMh+KjO/XnWXbgTmrQPYUL
-0WQ588+jgYswgYgwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0O
-BBYEFAcwHO+LnkQm0uRuxvo607dEHe+9MB8GA1UdIwQYMBaAFK9CtwlN69UV7G7P
-M7gRFSJfMlKIMCgGA1UdHwQhMB8wHaAboBmGF3d3dy5leGFtcGxlLmNvbS9jcmwu
-cGVtMAoGCCqGSM49BAMCA0gAMEUCIQDmuIge7Q6mcILAYH5G9sqEBDGr4JHWF12B
-DDih5PBFdwIgOQZfvvn9pBs3r8ux9t8JDhpEO6xuZSw72sED9NOsTnY=
+gqJ8AgIMBDgwMDAwIBcNMjEwNjI4MTQyMzQzWhgPOTk5OTEyMzEyMzU5NTlaMFwx
+LjAsBgNVBAMMJU1hdHRlciBUZXN0IERBQyAwMDAwIENEUCBXcm9uZyBQcmVmaXgx
+FDASBgorBgEEAYKifAIBDARGRkYxMRQwEgYKKwYBBAGConwCAgwEODAwMDBZMBMG
+ByqGSM49AgEGCCqGSM49AwEHA0IABN7MEuDcPRs5oP/GZoX9Gj3a9NB04LNqU6i9
+LByz7f34e3E8xI5yGXWJuXHfX1keyM1OvnP6T99wogdJwoSS2T+jgYswgYgwDAYD
+VR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0OBBYEFFhBPuTtrS9Eps0G
+q8Bso0he5sHxMB8GA1UdIwQYMBaAFK9CtwlN69UV7G7PM7gRFSJfMlKIMCgGA1Ud
+HwQhMB8wHaAboBmGF3d3dy5leGFtcGxlLmNvbS9jcmwucGVtMAoGCCqGSM49BAMC
+A0kAMEYCIQC1L5VTRp0BOJuuug+FrSmsiZ6PFBodLWz30/9XXAW5KwIhANfV2l6L
+6zYEWzUS+DY9s6CsjB0UfC27P5VYyfWL5YCB
 -----END CERTIFICATE-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Wrong-Prefix-Key.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Wrong-Prefix-Key.der
index ab268e2e51f69e06e65019182f0e583d09a0dfcf..938339c0443c9ec9b26958de64a74b3554f4e7b7 100644
GIT binary patch
literal 121
zcmV-<0EYiCcLD(c1R%@HXVQDS&c1XP!{x5N5VOV-08R*n?ml2W;@r2M&dQ()1_&yK
zNX|V20SBQ(13~}<-pmr<+&vpPp#R2Zh5Z^m+Vs$L;InE|sJ$#4v+e!(dvQF(j&d1w
biMes#Us)c=%}%~^`cL0*q6bOBgp%1mEPgtl

literal 121
zcmV-<0EYiCcLD(c1R$jy&HUL_+lM4IY=;sWki8QaQ+TJTjB)gEM53nK>)W6T1_&yK
zNX|V20SBQ(13~}<{LRQIx?(qc#>ca6r@^mw%@xBayi0D42Y9+!f4lPv=MuJ8()sea
b75F1ehvK6<_2*f3;7)4LJ%tO=WI6NCdHOjc

diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Wrong-Prefix-Key.pem b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Wrong-Prefix-Key.pem
index f9c33a94072281..930bf855c472d0 100644
--- a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Wrong-Prefix-Key.pem
+++ b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Wrong-Prefix-Key.pem
@@ -1,5 +1,5 @@
 -----BEGIN EC PRIVATE KEY-----
-MHcCAQEEIKUdzfzZVduHJDVshxIakL0TGFN4p6mMcfRwRKKm2+vboAoGCCqGSM49
-AwEHoUQDQgAE/M3IKbpiN3zGx7Nup8Gvds0Vwyi8S26NB3i6WX+78wrnErZX0vny
-uRX4I0yH4qM79edZduBOatA9hQvRZDnzzw==
+MHcCAQEEIMvLZ9J7u86+dBfD5a6+ELPGEgBOCIXuPmA94ty3ns7KoAoGCCqGSM49
+AwEHoUQDQgAE3swS4Nw9Gzmg/8Zmhf0aPdr00HTgs2pTqL0sHLPt/fh7cTzEjnIZ
+dYm5cd9fWR7IzU6+c/pP33CiB0nChJLZPw==
 -----END EC PRIVATE KEY-----
diff --git a/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-000A-Key.der b/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-000A-Key.der
deleted file mode 100644
index 287b7d0e23a2ce7848613466f5b8ad5db823dce3..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 121
zcmV-<0EYiCcLD(c1Rw>*!>CQh1<X9i1%L^#8#0{s4DnfT#;Fdis^Z>BWS*c31_&yK
zNX|V20SBQ(13~}<dW2Z7yPM4w;hNmiX7+5HFJOFhbb2-T4>#c$6F-3Qb^#M7kCE|O
bp!fKBG6_%SpSLJzs2(Pln>LFxwNx<!w68ML

diff --git a/credentials/test/gen-test-attestation-certs.sh b/credentials/test/gen-test-attestation-certs.sh
index 04d0ba6130dac8..0efa01088ce4f8 100755
--- a/credentials/test/gen-test-attestation-certs.sh
+++ b/credentials/test/gen-test-attestation-certs.sh
@@ -353,44 +353,101 @@ cert_lifetime=4294967295
     dac_key_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-Key"
     dac_cert_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-Cert"
 
-    cdp_example="URI:http://example.com/crl.pem"
+    cdp_uri="http://example.com/crl.pem"
 
-    "$chip_cert_tool" gen-att-cert --type d --subject-cn "Matter Test DAC $dac CDP (HTTP)" --subject-vid "$vid" --subject-pid "$pid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --cpd-ext "$cdp_example" --ca-key "$pai_key_file".pem --ca-cert "$pai_cert_file".pem --out-key "$dac_key_file".pem --out "$dac_cert_file".pem
+    "$chip_cert_tool" gen-att-cert --type d --subject-cn "Matter Test DAC $dac CDP (HTTP)" --subject-vid "$vid" --subject-pid "$pid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --cdp-uri "$cdp_uri" --ca-key "$pai_key_file".pem --ca-cert "$pai_cert_file".pem --out-key "$dac_key_file".pem --out "$dac_cert_file".pem
 
     dac_key_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-HTTPS-Key"
     dac_cert_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-HTTPS-Cert"
 
-    cdp_example="URI:https://example.com/crl.pem"
+    cdp_uri="https://example.com/crl.pem"
 
-    "$chip_cert_tool" gen-att-cert --type d --subject-cn "Matter Test DAC $dac CDP (HTTPS)" --subject-vid "$vid" --subject-pid "$pid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --cpd-ext "$cdp_example" --ca-key "$pai_key_file".pem --ca-cert "$pai_cert_file".pem --out-key "$dac_key_file".pem --out "$dac_cert_file".pem
+    "$chip_cert_tool" gen-att-cert --type d --subject-cn "Matter Test DAC $dac CDP (HTTPS)" --subject-vid "$vid" --subject-pid "$pid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --cdp-uri "$cdp_uri" --ca-key "$pai_key_file".pem --ca-cert "$pai_cert_file".pem --out-key "$dac_key_file".pem --out "$dac_cert_file".pem
 
-    dac_key_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-2CDPs-Key"
-    dac_cert_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-2CDPs-Cert"
+    dac_key_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-2URIs-Key"
+    dac_cert_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-2URIs-Cert"
 
-    cdp_example2="URI:http://example.com/crl2.pem"
+    cdp_error_inject="ext-cdp-uri-duplicate"
 
-    "$chip_cert_tool" gen-att-cert --type d --subject-cn "Matter Test DAC $dac Two CDPs" --subject-vid "$vid" --subject-pid "$pid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --cpd-ext "$cdp_example" --cpd-ext "$cdp_example2" --ca-key "$pai_key_file".pem --ca-cert "$pai_cert_file".pem --out-key "$dac_key_file".pem --out "$dac_cert_file".pem
+    "$chip_cert_tool" gen-att-cert --type d --subject-cn "Matter Test DAC $dac CDP (Two URIs)" --subject-vid "$vid" --subject-pid "$pid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --cdp-uri "$cdp_uri" -I -E "$cdp_error_inject" --ca-key "$pai_key_file".pem --ca-cert "$pai_cert_file".pem --out-key "$dac_key_file".pem --out "$dac_cert_file".pem
 
-    dac_key_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-2URIs-Key"
-    dac_cert_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-2URIs-Cert"
+    dac_key_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-2DPs-Key"
+    dac_cert_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-2DPs-Cert"
+
+    cdp_error_inject="ext-cdp-dist-point-duplicate"
 
-    cdp_example2in1="URI:http://example.com/crl.pem,URI:http://example.com/crl2.pem"
+    "$chip_cert_tool" gen-att-cert --type d --subject-cn "Matter Test DAC $dac Two CDP (Two DPs)" --subject-vid "$vid" --subject-pid "$pid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --cdp-uri "$cdp_uri" -I -E "$cdp_error_inject" --ca-key "$pai_key_file".pem --ca-cert "$pai_cert_file".pem --out-key "$dac_key_file".pem --out "$dac_cert_file".pem
 
-    "$chip_cert_tool" gen-att-cert --type d --subject-cn "Matter Test DAC $dac CDP (Two URIs)" --subject-vid "$vid" --subject-pid "$pid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --cpd-ext "$cdp_example2in1" --ca-key "$pai_key_file".pem --ca-cert "$pai_cert_file".pem --out-key "$dac_key_file".pem --out "$dac_cert_file".pem
+    dac_key_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-2CDPs-Key"
+    dac_cert_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-2CDPs-Cert"
+
+    cdp_error_inject="ext-cdp-add"
+
+    "$chip_cert_tool" gen-att-cert --type d --subject-cn "Matter Test DAC $dac Two CDPs" --subject-vid "$vid" --subject-pid "$pid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --cdp-uri "$cdp_uri" -I -E "$cdp_error_inject" --ca-key "$pai_key_file".pem --ca-cert "$pai_cert_file".pem --out-key "$dac_key_file".pem --out "$dac_cert_file".pem
 
     dac_key_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-Long-Key"
     dac_cert_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-Long-Cert"
 
-    cdp_example="URI:https://example.com/this-is-an-example-of-crl-distribution-point-extension-which-is-101-chars/crl.pem"
+    cdp_uri="https://example.com/this-is-an-example-of-crl-distribution-point-extension-which-is-101-chars/crl.pem"
 
-    "$chip_cert_tool" gen-att-cert --type d --subject-cn "Long" --subject-vid "$vid" --subject-pid "$pid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --cpd-ext "$cdp_example" --ca-key "$pai_key_file".pem --ca-cert "$pai_cert_file".pem --out-key "$dac_key_file".pem --out "$dac_cert_file".pem
+    "$chip_cert_tool" gen-att-cert --type d --subject-cn "Long" --subject-vid "$vid" --subject-pid "$pid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --cdp-uri "$cdp_uri" --ca-key "$pai_key_file".pem --ca-cert "$pai_cert_file".pem --out-key "$dac_key_file".pem --out "$dac_cert_file".pem
 
     dac_key_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-Wrong-Prefix-Key"
     dac_cert_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-Wrong-Prefix-Cert"
 
-    cdp_example="URI:www.example.com/crl.pem"
+    cdp_uri="www.example.com/crl.pem"
+
+    "$chip_cert_tool" gen-att-cert --type d --subject-cn "Matter Test DAC $dac CDP Wrong Prefix" --subject-vid "$vid" --subject-pid "$pid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --cdp-uri "$cdp_uri" --ca-key "$pai_key_file".pem --ca-cert "$pai_cert_file".pem --out-key "$dac_key_file".pem --out "$dac_cert_file".pem
+
+    dac_key_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-Issuer-PAA-FFF1-Key"
+    dac_cert_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-Issuer-PAA-FFF1-Cert"
+    issuer_cert_file="$dest_dir/Chip-Test-PAA-$vid-Cert"
+
+    cdp_uri="https://example.com/crl.pem"
+
+    "$chip_cert_tool" gen-att-cert --type d --subject-cn "Matter Test DAC $dac CDP Issuer PAA FFF1" --subject-vid "$vid" --subject-pid "$pid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --cdp-uri "$cdp_uri" --ca-key "$pai_key_file".pem --ca-cert "$pai_cert_file".pem --out-key "$dac_key_file".pem --out "$dac_cert_file".pem --crl-issuer-cert "$issuer_cert_file".pem
+
+    dac_key_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-2CRLIssuers-PAA-FFF1-Key"
+    dac_cert_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-2CRLIssuers-PAA-FFF1-Cert"
+    cdp_error_inject="ext-cdp-crl-issuer-duplicate"
+
+    "$chip_cert_tool" gen-att-cert --type d --subject-cn "Matter Test DAC $dac CDP 2 Issuers PAA FFF1" --subject-vid "$vid" --subject-pid "$pid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --cdp-uri "$cdp_uri" -I -E "$cdp_error_inject" --ca-key "$pai_key_file".pem --ca-cert "$pai_cert_file".pem --out-key "$dac_key_file".pem --out "$dac_cert_file".pem --crl-issuer-cert "$issuer_cert_file".pem
+
+    dac_key_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-CRL-Issuer-PAA-FFF1-2DPs-Key"
+    dac_cert_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-CRL-Issuer-PAA-FFF1-2DPs-Cert"
+    cdp_error_inject="ext-cdp-dist-point-duplicate"
+
+    "$chip_cert_tool" gen-att-cert --type d --subject-cn "Matter Test DAC $dac CDP Issuer PAA FFF1 (Two DPs)" --subject-vid "$vid" --subject-pid "$pid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --cdp-uri "$cdp_uri" -I -E "$cdp_error_inject" --ca-key "$pai_key_file".pem --ca-cert "$pai_cert_file".pem --out-key "$dac_key_file".pem --out "$dac_cert_file".pem --crl-issuer-cert "$issuer_cert_file".pem
+
+    dac_key_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-2CDPs-Issuer-PAA-FFF1-Key"
+    dac_cert_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-2CDPs-Issuer-PAA-FFF1-Cert"
+    cdp_error_inject="ext-cdp-add"
+
+    "$chip_cert_tool" gen-att-cert --type d --subject-cn "Matter Test DAC $dac 2CDPs Issuer PAA FFF1" --subject-vid "$vid" --subject-pid "$pid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --cdp-uri "$cdp_uri" -I -E "$cdp_error_inject" --ca-key "$pai_key_file".pem --ca-cert "$pai_cert_file".pem --out-key "$dac_key_file".pem --out "$dac_cert_file".pem --crl-issuer-cert "$issuer_cert_file".pem
+
+    dac_key_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-Issuer-PAA-NoVID-Key"
+    dac_cert_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-Issuer-PAA-NoVID-Cert"
+    issuer_cert_file="$dest_dir/Chip-Test-PAA-NoVID-Cert"
+
+    "$chip_cert_tool" gen-att-cert --type d --subject-cn "Matter Test DAC $dac CDP Issuer PAA NoVID" --subject-vid "$vid" --subject-pid "$pid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --cdp-uri "$cdp_uri" --ca-key "$pai_key_file".pem --ca-cert "$pai_cert_file".pem --out-key "$dac_key_file".pem --out "$dac_cert_file".pem --crl-issuer-cert "$issuer_cert_file".pem
+
+    dac_key_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-Issuer-PAI-FFF2-8004-Key"
+    dac_cert_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-Issuer-PAI-FFF2-8004-Cert"
+    issuer_cert_file="$dest_dir/Chip-Test-PAI-FFF2-8004-FB-Cert"
+
+    "$chip_cert_tool" gen-att-cert --type d --subject-cn "Matter Test DAC $dac CDP Issuer PAI FFF2 8004" --subject-vid "$vid" --subject-pid "$pid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --cdp-uri "$cdp_uri" --ca-key "$pai_key_file".pem --ca-cert "$pai_cert_file".pem --out-key "$dac_key_file".pem --out "$dac_cert_file".pem --crl-issuer-cert "$issuer_cert_file".pem
+
+    dac_key_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-2CDPs-Issuer-PAI-FFF2-8004-Key"
+    dac_cert_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-2CDPs-Issuer-PAI-FFF2-8004-Cert"
+    cdp_error_inject="ext-cdp-dist-point-duplicate"
+
+    "$chip_cert_tool" gen-att-cert --type d --subject-cn "Matter Test DAC $dac CDP Issuer PAI FFF2 8004 Two CDPs" --subject-vid "$vid" --subject-pid "$pid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --cdp-uri "$cdp_uri" --ca-key "$pai_key_file".pem --ca-cert "$pai_cert_file".pem --out-key "$dac_key_file".pem --out "$dac_cert_file".pem --crl-issuer-cert "$issuer_cert_file".pem -I -E "$cdp_error_inject"
+
+    dac_key_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-Issuer-PAI-FFF2-8004-Long-Key"
+    dac_cert_file="$dest_dir/Chip-Test-DAC-$vid-$pid-$dac-CDP-Issuer-PAI-FFF2-8004-Long-Cert"
+    cdp_uri="https://example.com/this-is-an-example-of-crl-distribution-point-extension-which-is-101-chars/crl.pem"
 
-    "$chip_cert_tool" gen-att-cert --type d --subject-cn "Long" --subject-vid "$vid" --subject-pid "$pid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --cpd-ext "$cdp_example" --ca-key "$pai_key_file".pem --ca-cert "$pai_cert_file".pem --out-key "$dac_key_file".pem --out "$dac_cert_file".pem
+    "$chip_cert_tool" gen-att-cert --type d --subject-cn "Long" --subject-vid "$vid" --subject-pid "$pid" --valid-from "$cert_valid_from" --lifetime "$cert_lifetime" --cdp-uri "$cdp_uri" --ca-key "$pai_key_file".pem --ca-cert "$pai_cert_file".pem --out-key "$dac_key_file".pem --out "$dac_cert_file".pem --crl-issuer-cert "$issuer_cert_file".pem
 }
 
 # In addition to PEM format also create certificates in DER form.
diff --git a/src/credentials/tests/CHIPAttCert_test_vectors.cpp b/src/credentials/tests/CHIPAttCert_test_vectors.cpp
index 7318d5b925a4e5..8185e95e0c8608 100644
--- a/src/credentials/tests/CHIPAttCert_test_vectors.cpp
+++ b/src/credentials/tests/CHIPAttCert_test_vectors.cpp
@@ -25,8 +25,8 @@ namespace TestCerts {
 // ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Cert.pem
 
 constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_2CDPs_Cert_Array[] = {
-    0x30, 0x82, 0x02, 0x50, 0x30, 0x82, 0x01, 0xf6, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x49, 0x6d, 0xfb, 0xdb, 0x3b, 0x5e,
-    0xb2, 0x43, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x46, 0x31, 0x18, 0x30, 0x16, 0x06,
+    0x30, 0x82, 0x02, 0x54, 0x30, 0x82, 0x01, 0xfa, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x52, 0xd0, 0xac, 0x67, 0xb2, 0x0c,
+    0xde, 0x95, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x46, 0x31, 0x18, 0x30, 0x16, 0x06,
     0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x49,
     0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46,
     0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30,
@@ -37,29 +37,29 @@ constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_2CDPs_Cert_Array[] = {
     0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46, 0x31, 0x31, 0x14, 0x30, 0x12, 0x06,
     0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13,
     0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42,
-    0x00, 0x04, 0x4a, 0xad, 0x5e, 0xf4, 0x21, 0xfa, 0x87, 0xa2, 0x09, 0x6a, 0xf4, 0x80, 0x5c, 0xc7, 0xb6, 0xca, 0xdf, 0x0f, 0xf7,
-    0xd0, 0xb0, 0x35, 0x34, 0xd3, 0x11, 0x27, 0x92, 0xd8, 0x9c, 0x01, 0xdf, 0x13, 0xb7, 0x15, 0x01, 0xf2, 0xc4, 0x05, 0x68, 0x92,
-    0x9b, 0xf8, 0x9b, 0xbb, 0x28, 0x0f, 0xb0, 0x67, 0x93, 0x0d, 0x4c, 0x28, 0x42, 0xf9, 0x73, 0x52, 0x12, 0x57, 0x39, 0x8f, 0xb6,
-    0x32, 0x92, 0xdc, 0xa3, 0x81, 0xbd, 0x30, 0x81, 0xba, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02,
+    0x00, 0x04, 0xac, 0x80, 0x21, 0xa1, 0xb1, 0x13, 0x75, 0x88, 0x52, 0xb1, 0x2c, 0xd4, 0x97, 0x1e, 0xda, 0x15, 0x70, 0xde, 0x9e,
+    0x6d, 0x53, 0xb7, 0x4b, 0x1a, 0x25, 0x7c, 0xa1, 0x1c, 0x56, 0x97, 0x6f, 0x48, 0xb0, 0xf4, 0x71, 0x15, 0xba, 0xda, 0x22, 0x75,
+    0x2e, 0x66, 0x18, 0xc3, 0xf0, 0xde, 0x18, 0x08, 0xf0, 0x2a, 0x5e, 0x2e, 0xa5, 0xe5, 0xce, 0xad, 0x10, 0xdd, 0xdb, 0x41, 0xa3,
+    0x81, 0xd7, 0xf3, 0xa3, 0x81, 0xc1, 0x30, 0x81, 0xbe, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02,
     0x30, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x07, 0x80, 0x30, 0x1d, 0x06,
-    0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x45, 0xdc, 0xfc, 0x35, 0xca, 0x19, 0x28, 0x71, 0xa3, 0xee, 0x16, 0xb2, 0x15,
-    0x8b, 0x68, 0x1b, 0xe3, 0xe9, 0x8a, 0x8c, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xaf,
+    0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xda, 0x62, 0x76, 0x0d, 0xd9, 0xca, 0xd8, 0xd1, 0x28, 0x33, 0x59, 0x94, 0x9b,
+    0x42, 0x9a, 0xa1, 0xd4, 0xd4, 0xa2, 0x19, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xaf,
     0x42, 0xb7, 0x09, 0x4d, 0xeb, 0xd5, 0x15, 0xec, 0x6e, 0xcf, 0x33, 0xb8, 0x11, 0x15, 0x22, 0x5f, 0x32, 0x52, 0x88, 0x30, 0x2c,
     0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x25, 0x30, 0x23, 0x30, 0x21, 0xa0, 0x1f, 0xa0, 0x1d, 0x86, 0x1b, 0x68, 0x74, 0x74, 0x70,
     0x73, 0x3a, 0x2f, 0x2f, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x70,
-    0x65, 0x6d, 0x30, 0x2c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x25, 0x30, 0x23, 0x30, 0x21, 0xa0, 0x1f, 0xa0, 0x1d, 0x86, 0x1b,
-    0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72,
-    0x6c, 0x32, 0x2e, 0x70, 0x65, 0x6d, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00,
-    0x30, 0x45, 0x02, 0x20, 0x2a, 0x38, 0x00, 0xbd, 0x3b, 0x00, 0x1d, 0x49, 0xc0, 0xa9, 0x71, 0x18, 0xb8, 0x70, 0xfd, 0x4b, 0x09,
-    0x54, 0x6b, 0x06, 0x61, 0x07, 0xaf, 0xed, 0x95, 0x9a, 0xef, 0x0c, 0x5b, 0x01, 0x2b, 0x8f, 0x02, 0x21, 0x00, 0xe1, 0x89, 0x51,
-    0xe8, 0xe3, 0xee, 0x6c, 0xa3, 0x3d, 0x67, 0xb2, 0x60, 0x8c, 0x1a, 0xbd, 0xf6, 0x5f, 0x94, 0xbc, 0x79, 0xde, 0x35, 0x1b, 0x26,
-    0x21, 0x6a, 0x41, 0xdc, 0x92, 0xb3, 0x11, 0x22,
+    0x65, 0x6d, 0x30, 0x30, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x29, 0x30, 0x27, 0x30, 0x25, 0xa0, 0x23, 0xa0, 0x21, 0x86, 0x1f,
+    0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x74, 0x65,
+    0x73, 0x74, 0x5f, 0x63, 0x72, 0x6c, 0x2e, 0x70, 0x65, 0x6d, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03,
+    0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x07, 0x61, 0xeb, 0x67, 0xe2, 0x4b, 0x59, 0x36, 0xb2, 0x04, 0x41, 0x14, 0x56,
+    0x8d, 0xa6, 0x97, 0x08, 0xc7, 0xa2, 0x95, 0xf3, 0x89, 0xbf, 0x67, 0xcf, 0xe2, 0x50, 0x44, 0x6b, 0x60, 0xbc, 0x97, 0x02, 0x21,
+    0x00, 0xe5, 0xd6, 0x00, 0x9c, 0x08, 0x14, 0xc9, 0xc2, 0xec, 0xac, 0x6e, 0x05, 0xe0, 0x6f, 0x69, 0x55, 0x01, 0xce, 0x3a, 0x49,
+    0xbf, 0xce, 0x1f, 0x55, 0x81, 0xd0, 0x41, 0x4d, 0xf1, 0xe2, 0x4b, 0xf3,
 };
 
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_Cert = ByteSpan(sTestCert_DAC_FFF1_8000_0000_2CDPs_Cert_Array);
 
 constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_2CDPs_SKID_Array[] = {
-    0x45, 0xDC, 0xFC, 0x35, 0xCA, 0x19, 0x28, 0x71, 0xA3, 0xEE, 0x16, 0xB2, 0x15, 0x8B, 0x68, 0x1B, 0xE3, 0xE9, 0x8A, 0x8C,
+    0xDA, 0x62, 0x76, 0x0D, 0xD9, 0xCA, 0xD8, 0xD1, 0x28, 0x33, 0x59, 0x94, 0x9B, 0x42, 0x9A, 0xA1, 0xD4, 0xD4, 0xA2, 0x19,
 };
 
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_SKID = ByteSpan(sTestCert_DAC_FFF1_8000_0000_2CDPs_SKID_Array);
@@ -67,26 +67,293 @@ extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_SKID = ByteSpan(sTestCe
 // ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Key.pem
 
 constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_2CDPs_PublicKey_Array[] = {
-    0x04, 0x4a, 0xad, 0x5e, 0xf4, 0x21, 0xfa, 0x87, 0xa2, 0x09, 0x6a, 0xf4, 0x80, 0x5c, 0xc7, 0xb6, 0xca,
-    0xdf, 0x0f, 0xf7, 0xd0, 0xb0, 0x35, 0x34, 0xd3, 0x11, 0x27, 0x92, 0xd8, 0x9c, 0x01, 0xdf, 0x13, 0xb7,
-    0x15, 0x01, 0xf2, 0xc4, 0x05, 0x68, 0x92, 0x9b, 0xf8, 0x9b, 0xbb, 0x28, 0x0f, 0xb0, 0x67, 0x93, 0x0d,
-    0x4c, 0x28, 0x42, 0xf9, 0x73, 0x52, 0x12, 0x57, 0x39, 0x8f, 0xb6, 0x32, 0x92, 0xdc,
+    0x04, 0xac, 0x80, 0x21, 0xa1, 0xb1, 0x13, 0x75, 0x88, 0x52, 0xb1, 0x2c, 0xd4, 0x97, 0x1e, 0xda, 0x15,
+    0x70, 0xde, 0x9e, 0x6d, 0x53, 0xb7, 0x4b, 0x1a, 0x25, 0x7c, 0xa1, 0x1c, 0x56, 0x97, 0x6f, 0x48, 0xb0,
+    0xf4, 0x71, 0x15, 0xba, 0xda, 0x22, 0x75, 0x2e, 0x66, 0x18, 0xc3, 0xf0, 0xde, 0x18, 0x08, 0xf0, 0x2a,
+    0x5e, 0x2e, 0xa5, 0xe5, 0xce, 0xad, 0x10, 0xdd, 0xdb, 0x41, 0xa3, 0x81, 0xd7, 0xf3,
 };
 
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_PublicKey = ByteSpan(sTestCert_DAC_FFF1_8000_0000_2CDPs_PublicKey_Array);
 
 constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_2CDPs_PrivateKey_Array[] = {
-    0x98, 0xfa, 0x42, 0xd8, 0x0f, 0x46, 0x9c, 0x45, 0xc6, 0x70, 0x6a, 0xa7, 0x49, 0xbe, 0x21, 0x80,
-    0x01, 0xb6, 0xd8, 0xc8, 0xda, 0x28, 0xc4, 0x6e, 0x45, 0xd8, 0x4a, 0x5c, 0x68, 0xa8, 0xdf, 0x7e,
+    0x39, 0x56, 0x75, 0x16, 0x2e, 0x60, 0x42, 0x38, 0x53, 0x56, 0x31, 0x47, 0x41, 0xe9, 0x6c, 0xc8,
+    0x71, 0xa0, 0x0d, 0xb1, 0x5e, 0x25, 0x76, 0xa1, 0x58, 0xa5, 0xd8, 0xc2, 0x0b, 0x37, 0x32, 0xe2,
 };
 
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_PrivateKey = ByteSpan(sTestCert_DAC_FFF1_8000_0000_2CDPs_PrivateKey_Array);
 
+// ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAA-FFF1-Cert.pem
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAA_FFF1_Cert_Array[] = {
+    0x30, 0x82, 0x02, 0x97, 0x30, 0x82, 0x02, 0x3d, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x5c, 0x22, 0x3a, 0x87, 0xf6, 0x75,
+    0xf8, 0x21, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x46, 0x31, 0x18, 0x30, 0x16, 0x06,
+    0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x49,
+    0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46,
+    0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30,
+    0x30, 0x30, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x36, 0x32, 0x38, 0x31, 0x34, 0x32, 0x33, 0x34, 0x33, 0x5a, 0x18, 0x0f,
+    0x39, 0x39, 0x39, 0x39, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x61, 0x31, 0x33, 0x30, 0x31,
+    0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x2a, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x44, 0x41,
+    0x43, 0x20, 0x30, 0x30, 0x30, 0x30, 0x20, 0x32, 0x43, 0x44, 0x50, 0x73, 0x20, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x20, 0x50,
+    0x41, 0x41, 0x20, 0x46, 0x46, 0x46, 0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c,
+    0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46, 0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2,
+    0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+    0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x89, 0x33, 0xf1, 0xcf, 0xd6, 0x7b,
+    0xbb, 0xeb, 0xa9, 0x8a, 0xc9, 0x9f, 0x98, 0x19, 0x19, 0x5b, 0x11, 0x71, 0xa8, 0x3f, 0x49, 0x23, 0xf6, 0x94, 0x0a, 0xf0, 0xf2,
+    0x20, 0x7b, 0xa6, 0x58, 0xdf, 0x5a, 0x66, 0x6f, 0x93, 0xb5, 0xf8, 0xec, 0x5e, 0xba, 0xed, 0x8c, 0xcc, 0x22, 0xf4, 0x6b, 0x11,
+    0x50, 0x45, 0x27, 0x24, 0x8a, 0x5f, 0x29, 0x36, 0x5d, 0x43, 0x28, 0x9d, 0x47, 0xc3, 0x67, 0x78, 0xa3, 0x81, 0xf7, 0x30, 0x81,
+    0xf4, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d,
+    0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x07, 0x80, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14,
+    0x10, 0xaf, 0x8c, 0x65, 0x60, 0x83, 0xee, 0x8d, 0xa6, 0xa1, 0x06, 0x7b, 0xfb, 0x79, 0xfb, 0x32, 0x9a, 0xae, 0x69, 0x62, 0x30,
+    0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xaf, 0x42, 0xb7, 0x09, 0x4d, 0xeb, 0xd5, 0x15, 0xec,
+    0x6e, 0xcf, 0x33, 0xb8, 0x11, 0x15, 0x22, 0x5f, 0x32, 0x52, 0x88, 0x30, 0x62, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x5b, 0x30,
+    0x59, 0x30, 0x57, 0xa0, 0x1f, 0xa0, 0x1d, 0x86, 0x1b, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x65, 0x78, 0x61, 0x6d,
+    0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x70, 0x65, 0x6d, 0xa2, 0x34, 0xa4, 0x32, 0x30, 0x30,
+    0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73,
+    0x74, 0x20, 0x50, 0x41, 0x41, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01,
+    0x0c, 0x04, 0x46, 0x46, 0x46, 0x31, 0x30, 0x30, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x29, 0x30, 0x27, 0x30, 0x25, 0xa0, 0x23,
+    0xa0, 0x21, 0x86, 0x1f, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f,
+    0x6d, 0x2f, 0x74, 0x65, 0x73, 0x74, 0x5f, 0x63, 0x72, 0x6c, 0x2e, 0x70, 0x65, 0x6d, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48,
+    0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x21, 0x00, 0xb3, 0x00, 0x1b, 0xf2, 0xfb, 0x22, 0xf3, 0x4c,
+    0x14, 0x23, 0x04, 0xe1, 0x58, 0x50, 0x98, 0xf1, 0x34, 0xe8, 0x27, 0xde, 0x74, 0xc7, 0x90, 0xfa, 0x93, 0x10, 0x3e, 0x4d, 0xa3,
+    0xef, 0x8e, 0x97, 0x02, 0x20, 0x74, 0x8d, 0x81, 0x4a, 0x83, 0x4f, 0x04, 0x00, 0xb0, 0x0d, 0xe1, 0x75, 0xff, 0xba, 0xae, 0x62,
+    0x6a, 0x5d, 0x96, 0x10, 0xe1, 0x14, 0xca, 0xde, 0xfb, 0x21, 0xdb, 0x2d, 0x9d, 0x19, 0x80, 0x47,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAA_FFF1_Cert =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAA_FFF1_Cert_Array);
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAA_FFF1_SKID_Array[] = {
+    0x10, 0xAF, 0x8C, 0x65, 0x60, 0x83, 0xEE, 0x8D, 0xA6, 0xA1, 0x06, 0x7B, 0xFB, 0x79, 0xFB, 0x32, 0x9A, 0xAE, 0x69, 0x62,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAA_FFF1_SKID =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAA_FFF1_SKID_Array);
+
+// ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAA-FFF1-Key.pem
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAA_FFF1_PublicKey_Array[] = {
+    0x04, 0x89, 0x33, 0xf1, 0xcf, 0xd6, 0x7b, 0xbb, 0xeb, 0xa9, 0x8a, 0xc9, 0x9f, 0x98, 0x19, 0x19, 0x5b,
+    0x11, 0x71, 0xa8, 0x3f, 0x49, 0x23, 0xf6, 0x94, 0x0a, 0xf0, 0xf2, 0x20, 0x7b, 0xa6, 0x58, 0xdf, 0x5a,
+    0x66, 0x6f, 0x93, 0xb5, 0xf8, 0xec, 0x5e, 0xba, 0xed, 0x8c, 0xcc, 0x22, 0xf4, 0x6b, 0x11, 0x50, 0x45,
+    0x27, 0x24, 0x8a, 0x5f, 0x29, 0x36, 0x5d, 0x43, 0x28, 0x9d, 0x47, 0xc3, 0x67, 0x78,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAA_FFF1_PublicKey =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAA_FFF1_PublicKey_Array);
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAA_FFF1_PrivateKey_Array[] = {
+    0x76, 0x21, 0x57, 0x07, 0x20, 0x09, 0x0c, 0x48, 0x13, 0x29, 0x5e, 0xfc, 0x53, 0x6a, 0xb4, 0x51,
+    0xee, 0x65, 0xf2, 0xc3, 0xe7, 0x22, 0xfb, 0x44, 0xc3, 0xbd, 0x78, 0xa0, 0x58, 0x79, 0x55, 0xdb,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAA_FFF1_PrivateKey =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAA_FFF1_PrivateKey_Array);
+
+// ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAI-FFF2-8004-Cert.pem
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAI_FFF2_8004_Cert_Array[] = {
+    0x30, 0x82, 0x02, 0xcb, 0x30, 0x82, 0x02, 0x71, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x6c, 0x01, 0x4a, 0xb9, 0xe4, 0xcf,
+    0xda, 0x4c, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x46, 0x31, 0x18, 0x30, 0x16, 0x06,
+    0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x49,
+    0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46,
+    0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30,
+    0x30, 0x30, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x36, 0x32, 0x38, 0x31, 0x34, 0x32, 0x33, 0x34, 0x33, 0x5a, 0x18, 0x0f,
+    0x39, 0x39, 0x39, 0x39, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x6d, 0x31, 0x3f, 0x30, 0x3d,
+    0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x36, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x44, 0x41,
+    0x43, 0x20, 0x30, 0x30, 0x30, 0x30, 0x20, 0x43, 0x44, 0x50, 0x20, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x20, 0x50, 0x41, 0x49,
+    0x20, 0x46, 0x46, 0x46, 0x32, 0x20, 0x38, 0x30, 0x30, 0x34, 0x20, 0x54, 0x77, 0x6f, 0x20, 0x43, 0x44, 0x50, 0x73, 0x31, 0x14,
+    0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46, 0x31, 0x31,
+    0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30, 0x30, 0x30,
+    0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03,
+    0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xa0, 0xab, 0x25, 0xaf, 0x17, 0x68, 0x01, 0x2c, 0xa9, 0x0d, 0xe9, 0x49, 0x5f, 0x85, 0xa5,
+    0x4e, 0x4c, 0xe7, 0x3f, 0x19, 0xf9, 0x6b, 0x70, 0x1e, 0x7f, 0xb0, 0x7f, 0x6f, 0xa2, 0x62, 0xc5, 0xbd, 0xae, 0xc8, 0x08, 0x9b,
+    0x27, 0xae, 0x42, 0x09, 0x4f, 0xb8, 0x6f, 0x61, 0x17, 0xff, 0xcf, 0xf2, 0xda, 0xa5, 0xfd, 0xa5, 0x5d, 0xe0, 0x12, 0xe2, 0xa3,
+    0x4a, 0xe7, 0x15, 0xcd, 0x71, 0x86, 0x2b, 0xa3, 0x82, 0x01, 0x1e, 0x30, 0x82, 0x01, 0x1a, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d,
+    0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03,
+    0x02, 0x07, 0x80, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x2d, 0x72, 0x52, 0xec, 0xf4, 0xc3, 0xc0,
+    0x97, 0xb1, 0xe9, 0x18, 0xc4, 0xd5, 0x2f, 0xeb, 0x94, 0x19, 0x51, 0xde, 0x70, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04,
+    0x18, 0x30, 0x16, 0x80, 0x14, 0xaf, 0x42, 0xb7, 0x09, 0x4d, 0xeb, 0xd5, 0x15, 0xec, 0x6e, 0xcf, 0x33, 0xb8, 0x11, 0x15, 0x22,
+    0x5f, 0x32, 0x52, 0x88, 0x30, 0x81, 0xb9, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x81, 0xb1, 0x30, 0x81, 0xae, 0x30, 0x55, 0xa0,
+    0x1f, 0xa0, 0x1d, 0x86, 0x1b, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e,
+    0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x70, 0x65, 0x6d, 0xa2, 0x32, 0xa4, 0x30, 0x30, 0x2e, 0x31, 0x2c, 0x30, 0x2a,
+    0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x23, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41,
+    0x49, 0x20, 0x4d, 0x76, 0x69, 0x64, 0x3a, 0x46, 0x46, 0x46, 0x32, 0x20, 0x4d, 0x70, 0x69, 0x64, 0x3a, 0x38, 0x30, 0x30, 0x34,
+    0x30, 0x55, 0xa0, 0x1f, 0xa0, 0x1d, 0x86, 0x1b, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x65, 0x78, 0x61, 0x6d, 0x70,
+    0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x70, 0x65, 0x6d, 0xa2, 0x32, 0xa4, 0x30, 0x30, 0x2e, 0x31,
+    0x2c, 0x30, 0x2a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x23, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74,
+    0x20, 0x50, 0x41, 0x49, 0x20, 0x4d, 0x76, 0x69, 0x64, 0x3a, 0x46, 0x46, 0x46, 0x32, 0x20, 0x4d, 0x70, 0x69, 0x64, 0x3a, 0x38,
+    0x30, 0x30, 0x34, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02,
+    0x20, 0x7a, 0xcd, 0xbb, 0x4d, 0x37, 0xb8, 0xd1, 0x10, 0x6f, 0x36, 0x32, 0xe4, 0x16, 0x84, 0x8e, 0x64, 0xca, 0xba, 0xcb, 0x70,
+    0x14, 0xc3, 0x31, 0x18, 0xb1, 0x21, 0xb6, 0x49, 0xc4, 0x1a, 0x4e, 0x5f, 0x02, 0x21, 0x00, 0x90, 0x83, 0x94, 0xb9, 0xcc, 0xc7,
+    0x26, 0x95, 0x7b, 0x21, 0x0e, 0xf5, 0xbb, 0x19, 0x10, 0xfd, 0xf4, 0xd4, 0x96, 0xca, 0x96, 0xd2, 0x6e, 0xa2, 0x1e, 0xbe, 0x91,
+    0xee, 0x2c, 0xcb, 0x9b, 0x72,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAI_FFF2_8004_Cert =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAI_FFF2_8004_Cert_Array);
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAI_FFF2_8004_SKID_Array[] = {
+    0x2D, 0x72, 0x52, 0xEC, 0xF4, 0xC3, 0xC0, 0x97, 0xB1, 0xE9, 0x18, 0xC4, 0xD5, 0x2F, 0xEB, 0x94, 0x19, 0x51, 0xDE, 0x70,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAI_FFF2_8004_SKID =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAI_FFF2_8004_SKID_Array);
+
+// ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-2CDPs-Issuer-PAI-FFF2-8004-Key.pem
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAI_FFF2_8004_PublicKey_Array[] = {
+    0x04, 0xa0, 0xab, 0x25, 0xaf, 0x17, 0x68, 0x01, 0x2c, 0xa9, 0x0d, 0xe9, 0x49, 0x5f, 0x85, 0xa5, 0x4e,
+    0x4c, 0xe7, 0x3f, 0x19, 0xf9, 0x6b, 0x70, 0x1e, 0x7f, 0xb0, 0x7f, 0x6f, 0xa2, 0x62, 0xc5, 0xbd, 0xae,
+    0xc8, 0x08, 0x9b, 0x27, 0xae, 0x42, 0x09, 0x4f, 0xb8, 0x6f, 0x61, 0x17, 0xff, 0xcf, 0xf2, 0xda, 0xa5,
+    0xfd, 0xa5, 0x5d, 0xe0, 0x12, 0xe2, 0xa3, 0x4a, 0xe7, 0x15, 0xcd, 0x71, 0x86, 0x2b,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAI_FFF2_8004_PublicKey =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAI_FFF2_8004_PublicKey_Array);
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAI_FFF2_8004_PrivateKey_Array[] = {
+    0x14, 0x45, 0x87, 0x96, 0x42, 0x6e, 0x13, 0x08, 0xa2, 0x33, 0x67, 0xbc, 0xc7, 0x87, 0x90, 0xa5,
+    0x0c, 0x28, 0xf6, 0x32, 0x1f, 0x9a, 0x2e, 0x6a, 0x9a, 0xbe, 0xa3, 0x1b, 0x6b, 0xbf, 0xce, 0x8a,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAI_FFF2_8004_PrivateKey =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAI_FFF2_8004_PrivateKey_Array);
+
+// ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2CRLIssuers-PAA-FFF1-Cert.pem
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_2CRLIssuers_PAA_FFF1_Cert_Array[] = {
+    0x30, 0x82, 0x02, 0x9e, 0x30, 0x82, 0x02, 0x44, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x0c, 0x3e, 0xb9, 0xc8, 0xc6, 0xe3,
+    0x8e, 0x5a, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x46, 0x31, 0x18, 0x30, 0x16, 0x06,
+    0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x49,
+    0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46,
+    0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30,
+    0x30, 0x30, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x36, 0x32, 0x38, 0x31, 0x34, 0x32, 0x33, 0x34, 0x33, 0x5a, 0x18, 0x0f,
+    0x39, 0x39, 0x39, 0x39, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x62, 0x31, 0x34, 0x30, 0x32,
+    0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x2b, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x44, 0x41,
+    0x43, 0x20, 0x30, 0x30, 0x30, 0x30, 0x20, 0x43, 0x44, 0x50, 0x20, 0x32, 0x20, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x73, 0x20,
+    0x50, 0x41, 0x41, 0x20, 0x46, 0x46, 0x46, 0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2,
+    0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46, 0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82,
+    0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d,
+    0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x77, 0x44, 0x36, 0x9a, 0xb7,
+    0xf3, 0x62, 0x7c, 0x33, 0xb2, 0x9b, 0xa5, 0x40, 0x8e, 0xe8, 0x06, 0xc3, 0x76, 0x31, 0x83, 0x0b, 0xe8, 0xf6, 0xbc, 0xef, 0xa4,
+    0xf5, 0x59, 0xbf, 0x66, 0x1b, 0xe0, 0xb1, 0x5e, 0x59, 0x2b, 0xc9, 0xb2, 0xc6, 0x71, 0x9a, 0x84, 0x9e, 0xea, 0x14, 0x51, 0x12,
+    0x6f, 0x29, 0x7b, 0xa6, 0x2f, 0x40, 0x6f, 0x03, 0x45, 0x32, 0xc6, 0x27, 0x82, 0x8a, 0xfe, 0x66, 0xb5, 0xa3, 0x81, 0xfd, 0x30,
+    0x81, 0xfa, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55,
+    0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x07, 0x80, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04,
+    0x14, 0x60, 0xea, 0x47, 0xc9, 0x3d, 0xf9, 0x08, 0xf8, 0x5c, 0xa3, 0xcd, 0x53, 0x20, 0x12, 0x6b, 0x61, 0xf5, 0x0a, 0x05, 0xbd,
+    0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xaf, 0x42, 0xb7, 0x09, 0x4d, 0xeb, 0xd5, 0x15,
+    0xec, 0x6e, 0xcf, 0x33, 0xb8, 0x11, 0x15, 0x22, 0x5f, 0x32, 0x52, 0x88, 0x30, 0x81, 0x99, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04,
+    0x81, 0x91, 0x30, 0x81, 0x8e, 0x30, 0x81, 0x8b, 0xa0, 0x1f, 0xa0, 0x1d, 0x86, 0x1b, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f,
+    0x2f, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x70, 0x65, 0x6d, 0xa2,
+    0x68, 0xa4, 0x32, 0x30, 0x30, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65,
+    0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x41, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01,
+    0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46, 0x31, 0xa4, 0x32, 0x30, 0x30, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
+    0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x41, 0x31,
+    0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46, 0x31,
+    0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x5c, 0x80,
+    0x30, 0xef, 0x15, 0xba, 0xee, 0xfc, 0x38, 0x83, 0x4a, 0xe2, 0x09, 0xa1, 0xed, 0x94, 0x51, 0x64, 0xdf, 0x97, 0xde, 0x2d, 0x96,
+    0x1f, 0x10, 0xd6, 0xf9, 0xf5, 0xe5, 0xb2, 0x9b, 0x98, 0x02, 0x21, 0x00, 0x94, 0x5f, 0x9a, 0x3a, 0x8e, 0xcb, 0x89, 0xca, 0x4c,
+    0x76, 0xa6, 0x03, 0x01, 0x78, 0x0f, 0x06, 0xb9, 0xbd, 0x8e, 0x20, 0x9e, 0x07, 0x43, 0x3a, 0xf6, 0x5a, 0x21, 0x05, 0x61, 0xfe,
+    0xa7, 0x09,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_2CRLIssuers_PAA_FFF1_Cert =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_2CRLIssuers_PAA_FFF1_Cert_Array);
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_2CRLIssuers_PAA_FFF1_SKID_Array[] = {
+    0x60, 0xEA, 0x47, 0xC9, 0x3D, 0xF9, 0x08, 0xF8, 0x5C, 0xA3, 0xCD, 0x53, 0x20, 0x12, 0x6B, 0x61, 0xF5, 0x0A, 0x05, 0xBD,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_2CRLIssuers_PAA_FFF1_SKID =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_2CRLIssuers_PAA_FFF1_SKID_Array);
+
+// ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2CRLIssuers-PAA-FFF1-Key.pem
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_2CRLIssuers_PAA_FFF1_PublicKey_Array[] = {
+    0x04, 0x77, 0x44, 0x36, 0x9a, 0xb7, 0xf3, 0x62, 0x7c, 0x33, 0xb2, 0x9b, 0xa5, 0x40, 0x8e, 0xe8, 0x06,
+    0xc3, 0x76, 0x31, 0x83, 0x0b, 0xe8, 0xf6, 0xbc, 0xef, 0xa4, 0xf5, 0x59, 0xbf, 0x66, 0x1b, 0xe0, 0xb1,
+    0x5e, 0x59, 0x2b, 0xc9, 0xb2, 0xc6, 0x71, 0x9a, 0x84, 0x9e, 0xea, 0x14, 0x51, 0x12, 0x6f, 0x29, 0x7b,
+    0xa6, 0x2f, 0x40, 0x6f, 0x03, 0x45, 0x32, 0xc6, 0x27, 0x82, 0x8a, 0xfe, 0x66, 0xb5,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_2CRLIssuers_PAA_FFF1_PublicKey =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_2CRLIssuers_PAA_FFF1_PublicKey_Array);
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_2CRLIssuers_PAA_FFF1_PrivateKey_Array[] = {
+    0x76, 0x3a, 0x6e, 0x2d, 0x10, 0x8a, 0x73, 0x36, 0x4f, 0xd0, 0x5b, 0xd0, 0x81, 0x9b, 0xe5, 0x3d,
+    0xcc, 0x90, 0x64, 0x61, 0x75, 0x32, 0x97, 0xbf, 0xdb, 0x8a, 0x65, 0x70, 0x3c, 0xbb, 0xd3, 0xcb,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_2CRLIssuers_PAA_FFF1_PrivateKey =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_2CRLIssuers_PAA_FFF1_PrivateKey_Array);
+
+// ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2DPs-Cert.pem
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_2DPs_Cert_Array[] = {
+    0x30, 0x82, 0x02, 0x4e, 0x30, 0x82, 0x01, 0xf4, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x1c, 0x5e, 0x9a, 0x1c, 0x51, 0x62,
+    0xe0, 0xef, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x46, 0x31, 0x18, 0x30, 0x16, 0x06,
+    0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x49,
+    0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46,
+    0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30,
+    0x30, 0x30, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x36, 0x32, 0x38, 0x31, 0x34, 0x32, 0x33, 0x34, 0x33, 0x5a, 0x18, 0x0f,
+    0x39, 0x39, 0x39, 0x39, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x5d, 0x31, 0x2f, 0x30, 0x2d,
+    0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x26, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x44, 0x41,
+    0x43, 0x20, 0x30, 0x30, 0x30, 0x30, 0x20, 0x54, 0x77, 0x6f, 0x20, 0x43, 0x44, 0x50, 0x20, 0x28, 0x54, 0x77, 0x6f, 0x20, 0x44,
+    0x50, 0x73, 0x29, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04,
+    0x46, 0x46, 0x46, 0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c,
+    0x04, 0x38, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a,
+    0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x9b, 0xf7, 0x29, 0x12, 0xc8, 0x94, 0x56, 0x06, 0x39, 0xa5,
+    0x3b, 0x42, 0xf3, 0x47, 0x40, 0xa6, 0xb5, 0x48, 0xec, 0x2e, 0xca, 0xdd, 0x58, 0x03, 0xae, 0xb8, 0x73, 0x6f, 0x32, 0xc0, 0x9b,
+    0x36, 0xf9, 0xac, 0x16, 0x24, 0xe9, 0x94, 0xf2, 0xf9, 0x24, 0x43, 0x12, 0x03, 0x6b, 0x2f, 0x43, 0x2c, 0x25, 0xa4, 0xb9, 0xd3,
+    0x0a, 0xb5, 0x49, 0x75, 0x9b, 0x89, 0x39, 0x18, 0xdf, 0xdb, 0x3c, 0xa0, 0xa3, 0x81, 0xb2, 0x30, 0x81, 0xaf, 0x30, 0x0c, 0x06,
+    0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff,
+    0x04, 0x04, 0x03, 0x02, 0x07, 0x80, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x8c, 0x2a, 0x72, 0x18,
+    0x7f, 0x79, 0x0e, 0xd6, 0xcb, 0x61, 0xe2, 0xd2, 0x4f, 0x19, 0xfa, 0x57, 0xcf, 0x30, 0x97, 0x60, 0x30, 0x1f, 0x06, 0x03, 0x55,
+    0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xaf, 0x42, 0xb7, 0x09, 0x4d, 0xeb, 0xd5, 0x15, 0xec, 0x6e, 0xcf, 0x33, 0xb8,
+    0x11, 0x15, 0x22, 0x5f, 0x32, 0x52, 0x88, 0x30, 0x4f, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x48, 0x30, 0x46, 0x30, 0x21, 0xa0,
+    0x1f, 0xa0, 0x1d, 0x86, 0x1b, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e,
+    0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x70, 0x65, 0x6d, 0x30, 0x21, 0xa0, 0x1f, 0xa0, 0x1d, 0x86, 0x1b, 0x68, 0x74,
+    0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c,
+    0x2e, 0x70, 0x65, 0x6d, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45,
+    0x02, 0x21, 0x00, 0xe6, 0xd5, 0x9f, 0xdc, 0x94, 0x5b, 0xa9, 0xa0, 0x5a, 0xd0, 0x8b, 0xb7, 0x53, 0x5d, 0xe3, 0x14, 0xed, 0x5a,
+    0x95, 0xf8, 0x5f, 0xa9, 0x0a, 0x54, 0xee, 0xe4, 0xdf, 0x6b, 0x48, 0x19, 0x9e, 0xcd, 0x02, 0x20, 0x35, 0x1d, 0x01, 0x95, 0x07,
+    0x29, 0xd3, 0x6d, 0x40, 0x6d, 0xed, 0x7f, 0xf7, 0x16, 0x54, 0xd2, 0x79, 0xaf, 0x93, 0xcd, 0x48, 0x83, 0x03, 0xb3, 0xcf, 0x8e,
+    0x43, 0xb1, 0x45, 0xf8, 0x95, 0xc8,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_2DPs_Cert = ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_2DPs_Cert_Array);
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_2DPs_SKID_Array[] = {
+    0x8C, 0x2A, 0x72, 0x18, 0x7F, 0x79, 0x0E, 0xD6, 0xCB, 0x61, 0xE2, 0xD2, 0x4F, 0x19, 0xFA, 0x57, 0xCF, 0x30, 0x97, 0x60,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_2DPs_SKID = ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_2DPs_SKID_Array);
+
+// ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2DPs-Key.pem
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_2DPs_PublicKey_Array[] = {
+    0x04, 0x9b, 0xf7, 0x29, 0x12, 0xc8, 0x94, 0x56, 0x06, 0x39, 0xa5, 0x3b, 0x42, 0xf3, 0x47, 0x40, 0xa6,
+    0xb5, 0x48, 0xec, 0x2e, 0xca, 0xdd, 0x58, 0x03, 0xae, 0xb8, 0x73, 0x6f, 0x32, 0xc0, 0x9b, 0x36, 0xf9,
+    0xac, 0x16, 0x24, 0xe9, 0x94, 0xf2, 0xf9, 0x24, 0x43, 0x12, 0x03, 0x6b, 0x2f, 0x43, 0x2c, 0x25, 0xa4,
+    0xb9, 0xd3, 0x0a, 0xb5, 0x49, 0x75, 0x9b, 0x89, 0x39, 0x18, 0xdf, 0xdb, 0x3c, 0xa0,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_2DPs_PublicKey =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_2DPs_PublicKey_Array);
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_2DPs_PrivateKey_Array[] = {
+    0x3b, 0x30, 0xab, 0x4d, 0x74, 0x97, 0x71, 0x6a, 0x41, 0xb1, 0xf1, 0xe6, 0x03, 0x07, 0x35, 0x56,
+    0x7c, 0x68, 0x43, 0x3a, 0x9f, 0x6a, 0xca, 0x2d, 0x5c, 0x6d, 0xbe, 0x4e, 0xc8, 0x7c, 0x4c, 0x37,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_2DPs_PrivateKey =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_2DPs_PrivateKey_Array);
+
 // ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2URIs-Cert.pem
 
 constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_2URIs_Cert_Array[] = {
-    0x30, 0x82, 0x02, 0x4a, 0x30, 0x82, 0x01, 0xf0, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x5f, 0x3c, 0x14, 0xa5, 0x76, 0x9a,
-    0x55, 0x2d, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x46, 0x31, 0x18, 0x30, 0x16, 0x06,
+    0x30, 0x82, 0x02, 0x45, 0x30, 0x82, 0x01, 0xeb, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x79, 0xdc, 0xe9, 0x4d, 0xf9, 0x23,
+    0x1f, 0xc6, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x46, 0x31, 0x18, 0x30, 0x16, 0x06,
     0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x49,
     0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46,
     0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30,
@@ -97,29 +364,28 @@ constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_2URIs_Cert_Array[] = {
     0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46,
     0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30,
     0x30, 0x30, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce,
-    0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xda, 0x46, 0x42, 0x76, 0xca, 0x8a, 0x5b, 0x0f, 0x9f, 0x48, 0xcb, 0xa6, 0x07,
-    0xff, 0xed, 0x92, 0xf6, 0xa8, 0x13, 0x14, 0x67, 0x61, 0xf8, 0x7b, 0xb9, 0x00, 0xef, 0x6c, 0x43, 0x6b, 0xe8, 0x01, 0xe6, 0xa7,
-    0xc5, 0xc8, 0xe9, 0x62, 0x09, 0xcb, 0x11, 0x04, 0x6a, 0xef, 0xaf, 0x8e, 0x2b, 0x03, 0x99, 0xb6, 0x29, 0xf5, 0x20, 0x03, 0x42,
-    0xb4, 0x8c, 0x34, 0x7a, 0x91, 0x99, 0x87, 0xe3, 0x57, 0xa3, 0x81, 0xb1, 0x30, 0x81, 0xae, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d,
+    0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xc5, 0x97, 0x95, 0x2e, 0xb3, 0x2c, 0x60, 0x8b, 0x0e, 0xf1, 0x63, 0x53, 0x71,
+    0x9d, 0xba, 0xac, 0x52, 0x83, 0xec, 0x1a, 0x8e, 0x8a, 0xca, 0x40, 0x8c, 0x92, 0xf0, 0xa2, 0x56, 0x46, 0x5f, 0xe0, 0xb7, 0x36,
+    0xc7, 0xe2, 0x6b, 0xc0, 0x40, 0xf0, 0x58, 0xc2, 0xa0, 0x14, 0x37, 0x78, 0x5b, 0xdf, 0xf9, 0x52, 0xdb, 0x6d, 0xf7, 0x7d, 0xd5,
+    0x87, 0x97, 0x97, 0x58, 0x85, 0x28, 0xf1, 0xb7, 0x25, 0xa3, 0x81, 0xac, 0x30, 0x81, 0xa9, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d,
     0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03,
-    0x02, 0x07, 0x80, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xcc, 0xac, 0x78, 0x09, 0x9a, 0xc4, 0x7f,
-    0xad, 0x7a, 0x0e, 0xb9, 0x01, 0x2c, 0xc8, 0xf4, 0x22, 0x88, 0x09, 0xab, 0x61, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04,
+    0x02, 0x07, 0x80, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x3e, 0x18, 0x83, 0x15, 0x9c, 0x2a, 0x73,
+    0xcc, 0x28, 0x24, 0x16, 0xed, 0x83, 0x90, 0x12, 0xf1, 0x87, 0x5e, 0x66, 0x07, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04,
     0x18, 0x30, 0x16, 0x80, 0x14, 0xaf, 0x42, 0xb7, 0x09, 0x4d, 0xeb, 0xd5, 0x15, 0xec, 0x6e, 0xcf, 0x33, 0xb8, 0x11, 0x15, 0x22,
-    0x5f, 0x32, 0x52, 0x88, 0x30, 0x4e, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x47, 0x30, 0x45, 0x30, 0x20, 0xa0, 0x1e, 0xa0, 0x1c,
-    0x86, 0x1a, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f,
-    0x63, 0x72, 0x6c, 0x2e, 0x70, 0x65, 0x6d, 0x30, 0x21, 0xa0, 0x1f, 0xa0, 0x1d, 0x86, 0x1b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
-    0x2f, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x32, 0x2e, 0x70, 0x65, 0x6d,
-    0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x6a, 0x14,
-    0x34, 0xc3, 0x4c, 0xd3, 0xb5, 0x4c, 0x1c, 0xa7, 0x9b, 0xc5, 0x08, 0x42, 0xe7, 0xdd, 0xd5, 0xed, 0xb7, 0x78, 0xc5, 0xa2, 0x85,
-    0xe9, 0xae, 0x54, 0x61, 0xff, 0x1d, 0x76, 0x39, 0x7f, 0x02, 0x21, 0x00, 0xed, 0x4d, 0xe2, 0x03, 0xd2, 0x5a, 0xd5, 0xd3, 0x71,
-    0xfb, 0xb3, 0x4d, 0x5c, 0x9c, 0xf7, 0xbe, 0xa9, 0x12, 0xd6, 0x88, 0x45, 0x5e, 0x4a, 0xdf, 0xe0, 0x2f, 0x7f, 0x09, 0x64, 0x3f,
-    0x88, 0xbc,
+    0x5f, 0x32, 0x52, 0x88, 0x30, 0x49, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x42, 0x30, 0x40, 0x30, 0x3e, 0xa0, 0x3c, 0xa0, 0x3a,
+    0x86, 0x1b, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d,
+    0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x70, 0x65, 0x6d, 0x86, 0x1b, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x65, 0x78, 0x61,
+    0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x70, 0x65, 0x6d, 0x30, 0x0a, 0x06, 0x08, 0x2a,
+    0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x21, 0x00, 0xad, 0x31, 0x8a, 0x74, 0x8f, 0x45,
+    0x04, 0x9e, 0xbe, 0x2b, 0xe6, 0xc5, 0xa5, 0x90, 0xb8, 0x49, 0xab, 0x00, 0xba, 0x69, 0xbc, 0x5f, 0xc8, 0x40, 0xf5, 0x5e, 0x4b,
+    0xa8, 0xf5, 0x81, 0x44, 0xf8, 0x02, 0x20, 0x0f, 0x59, 0xe1, 0xfd, 0x5f, 0x70, 0xcd, 0x73, 0x82, 0x1d, 0x90, 0x6d, 0x4e, 0xf4,
+    0xc7, 0x61, 0xdb, 0x3c, 0xda, 0x3f, 0xa8, 0xe8, 0x58, 0xd1, 0xe1, 0xe8, 0x05, 0xeb, 0xcf, 0x15, 0xe9, 0xb8,
 };
 
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_2URIs_Cert = ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_2URIs_Cert_Array);
 
 constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_2URIs_SKID_Array[] = {
-    0xCC, 0xAC, 0x78, 0x09, 0x9A, 0xC4, 0x7F, 0xAD, 0x7A, 0x0E, 0xB9, 0x01, 0x2C, 0xC8, 0xF4, 0x22, 0x88, 0x09, 0xAB, 0x61,
+    0x3E, 0x18, 0x83, 0x15, 0x9C, 0x2A, 0x73, 0xCC, 0x28, 0x24, 0x16, 0xED, 0x83, 0x90, 0x12, 0xF1, 0x87, 0x5E, 0x66, 0x07,
 };
 
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_2URIs_SKID = ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_2URIs_SKID_Array);
@@ -127,18 +393,18 @@ extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_2URIs_SKID = ByteSpan(sTe
 // ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-2URIs-Key.pem
 
 constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_2URIs_PublicKey_Array[] = {
-    0x04, 0xda, 0x46, 0x42, 0x76, 0xca, 0x8a, 0x5b, 0x0f, 0x9f, 0x48, 0xcb, 0xa6, 0x07, 0xff, 0xed, 0x92,
-    0xf6, 0xa8, 0x13, 0x14, 0x67, 0x61, 0xf8, 0x7b, 0xb9, 0x00, 0xef, 0x6c, 0x43, 0x6b, 0xe8, 0x01, 0xe6,
-    0xa7, 0xc5, 0xc8, 0xe9, 0x62, 0x09, 0xcb, 0x11, 0x04, 0x6a, 0xef, 0xaf, 0x8e, 0x2b, 0x03, 0x99, 0xb6,
-    0x29, 0xf5, 0x20, 0x03, 0x42, 0xb4, 0x8c, 0x34, 0x7a, 0x91, 0x99, 0x87, 0xe3, 0x57,
+    0x04, 0xc5, 0x97, 0x95, 0x2e, 0xb3, 0x2c, 0x60, 0x8b, 0x0e, 0xf1, 0x63, 0x53, 0x71, 0x9d, 0xba, 0xac,
+    0x52, 0x83, 0xec, 0x1a, 0x8e, 0x8a, 0xca, 0x40, 0x8c, 0x92, 0xf0, 0xa2, 0x56, 0x46, 0x5f, 0xe0, 0xb7,
+    0x36, 0xc7, 0xe2, 0x6b, 0xc0, 0x40, 0xf0, 0x58, 0xc2, 0xa0, 0x14, 0x37, 0x78, 0x5b, 0xdf, 0xf9, 0x52,
+    0xdb, 0x6d, 0xf7, 0x7d, 0xd5, 0x87, 0x97, 0x97, 0x58, 0x85, 0x28, 0xf1, 0xb7, 0x25,
 };
 
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_2URIs_PublicKey =
     ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_2URIs_PublicKey_Array);
 
 constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_2URIs_PrivateKey_Array[] = {
-    0xbd, 0xc5, 0xcc, 0x3d, 0x9b, 0x85, 0x0d, 0x14, 0x0b, 0x6e, 0x1d, 0xea, 0xf5, 0xd2, 0xb7, 0xcb,
-    0x63, 0xfc, 0x71, 0xf6, 0x4e, 0x6c, 0xa8, 0x9a, 0xf3, 0x34, 0xb9, 0x98, 0x43, 0x7e, 0x6d, 0xc7,
+    0x7b, 0x48, 0x60, 0x42, 0xa0, 0xc4, 0xa4, 0x45, 0x07, 0x02, 0x30, 0xf5, 0xcb, 0xd9, 0xe7, 0x3e,
+    0x9d, 0xb9, 0x2e, 0x03, 0xc6, 0x38, 0x0b, 0xc3, 0x6e, 0xcb, 0x4c, 0xd6, 0x32, 0x12, 0x24, 0xfd,
 };
 
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_2URIs_PrivateKey =
@@ -147,8 +413,8 @@ extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_2URIs_PrivateKey =
 // ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Cert.pem
 
 constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_Cert_Array[] = {
-    0x30, 0x82, 0x02, 0x23, 0x30, 0x82, 0x01, 0xc9, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x71, 0x65, 0x6d, 0x1b, 0x7a, 0x2e,
-    0x16, 0xa4, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x46, 0x31, 0x18, 0x30, 0x16, 0x06,
+    0x30, 0x82, 0x02, 0x24, 0x30, 0x82, 0x01, 0xc9, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x48, 0xff, 0xdf, 0xfd, 0xee, 0x63,
+    0x1a, 0x43, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x46, 0x31, 0x18, 0x30, 0x16, 0x06,
     0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x49,
     0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46,
     0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30,
@@ -159,27 +425,27 @@ constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_Cert_Array[] = {
     0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46, 0x31, 0x31, 0x14, 0x30,
     0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30, 0x30, 0x30, 0x30, 0x59,
     0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
-    0x03, 0x42, 0x00, 0x04, 0xe3, 0x01, 0x1e, 0xde, 0x9f, 0x51, 0x5a, 0xb3, 0xe9, 0xba, 0x93, 0x25, 0xfe, 0xf2, 0x3b, 0x96, 0xcd,
-    0x71, 0x5c, 0x3a, 0xea, 0x38, 0xce, 0x81, 0x1e, 0x88, 0xfc, 0x6d, 0xe7, 0xac, 0x30, 0x26, 0x23, 0xfb, 0xa7, 0x06, 0x8b, 0x3e,
-    0x09, 0xd3, 0xfe, 0x54, 0x9b, 0x11, 0xcc, 0x5f, 0x0e, 0x59, 0x6c, 0x4e, 0xdb, 0xce, 0x3e, 0x7b, 0xa2, 0x27, 0x1f, 0xb8, 0xd0,
-    0x9a, 0xf4, 0x21, 0x9e, 0x3d, 0xa3, 0x81, 0x8e, 0x30, 0x81, 0x8b, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
+    0x03, 0x42, 0x00, 0x04, 0x41, 0xae, 0x76, 0xb7, 0x7c, 0xde, 0xab, 0x80, 0x5c, 0x45, 0x77, 0xd2, 0x57, 0xb6, 0x9e, 0xa9, 0xe6,
+    0x24, 0x4f, 0x28, 0xb1, 0xc1, 0x79, 0x8f, 0xd0, 0x3d, 0xec, 0x54, 0xdc, 0x0e, 0x84, 0xa5, 0x0b, 0x92, 0x9e, 0xdd, 0x29, 0xbe,
+    0x31, 0xd3, 0x86, 0x71, 0x25, 0xef, 0x15, 0x66, 0x9e, 0xbd, 0x93, 0x11, 0xef, 0x66, 0x5c, 0x74, 0x21, 0x38, 0x68, 0xc4, 0xad,
+    0x9c, 0xae, 0x04, 0x54, 0xc9, 0xa3, 0x81, 0x8e, 0x30, 0x81, 0x8b, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
     0x04, 0x02, 0x30, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x07, 0x80, 0x30,
-    0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x68, 0x43, 0xc8, 0x33, 0xa3, 0x39, 0x9f, 0x98, 0x42, 0x15, 0x3e,
-    0xb1, 0xac, 0xcf, 0x2f, 0x95, 0x58, 0x5f, 0x1a, 0x50, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
+    0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xef, 0x78, 0x85, 0xe0, 0x97, 0xd3, 0x15, 0xfd, 0x09, 0x3b, 0x10,
+    0xae, 0x55, 0xc9, 0xf4, 0x70, 0x11, 0x13, 0xe7, 0x8d, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
     0x14, 0xaf, 0x42, 0xb7, 0x09, 0x4d, 0xeb, 0xd5, 0x15, 0xec, 0x6e, 0xcf, 0x33, 0xb8, 0x11, 0x15, 0x22, 0x5f, 0x32, 0x52, 0x88,
     0x30, 0x2b, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x24, 0x30, 0x22, 0x30, 0x20, 0xa0, 0x1e, 0xa0, 0x1c, 0x86, 0x1a, 0x68, 0x74,
     0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x2e,
-    0x70, 0x65, 0x6d, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02,
-    0x20, 0x65, 0x4a, 0x4c, 0x13, 0x3b, 0xc9, 0xda, 0x4d, 0x14, 0x78, 0x35, 0xab, 0xfc, 0x24, 0xd5, 0x2c, 0xec, 0xa3, 0xa0, 0x8f,
-    0xa2, 0xf4, 0xe6, 0xea, 0xc2, 0xae, 0x60, 0x41, 0x1f, 0x36, 0xf5, 0xa4, 0x02, 0x21, 0x00, 0xaa, 0x1c, 0xa1, 0x93, 0x1f, 0xbc,
-    0x9a, 0xff, 0xd6, 0x47, 0x32, 0xab, 0xf3, 0x1e, 0xa8, 0xf6, 0x13, 0xc1, 0x67, 0x1f, 0x0f, 0x22, 0xa4, 0x31, 0x67, 0xe2, 0x8e,
-    0x9d, 0xac, 0x93, 0x1e, 0x18,
+    0x70, 0x65, 0x6d, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02,
+    0x21, 0x00, 0x83, 0xa2, 0xfa, 0x88, 0xb0, 0x21, 0xaa, 0xbd, 0xfe, 0xc2, 0x08, 0xaf, 0xe6, 0x8d, 0xfd, 0xe7, 0x2b, 0x3a, 0x0b,
+    0x38, 0xe3, 0xa7, 0x30, 0x2a, 0xfb, 0x71, 0x9a, 0x18, 0x11, 0x01, 0x56, 0x69, 0x02, 0x21, 0x00, 0xfd, 0xda, 0x03, 0xae, 0xf3,
+    0x66, 0x70, 0x34, 0xf7, 0xab, 0x9a, 0xd8, 0x65, 0x41, 0x3a, 0x53, 0x45, 0xa1, 0x10, 0x1a, 0xa7, 0xc7, 0xbe, 0x28, 0x33, 0xc4,
+    0xce, 0xd1, 0xdc, 0x33, 0x0d, 0x0d,
 };
 
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Cert = ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_Cert_Array);
 
 constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_SKID_Array[] = {
-    0x68, 0x43, 0xC8, 0x33, 0xA3, 0x39, 0x9F, 0x98, 0x42, 0x15, 0x3E, 0xB1, 0xAC, 0xCF, 0x2F, 0x95, 0x58, 0x5F, 0x1A, 0x50,
+    0xEF, 0x78, 0x85, 0xE0, 0x97, 0xD3, 0x15, 0xFD, 0x09, 0x3B, 0x10, 0xAE, 0x55, 0xC9, 0xF4, 0x70, 0x11, 0x13, 0xE7, 0x8D,
 };
 
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_SKID = ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_SKID_Array);
@@ -187,26 +453,96 @@ extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_SKID = ByteSpan(sTestCert
 // ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Key.pem
 
 constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_PublicKey_Array[] = {
-    0x04, 0xe3, 0x01, 0x1e, 0xde, 0x9f, 0x51, 0x5a, 0xb3, 0xe9, 0xba, 0x93, 0x25, 0xfe, 0xf2, 0x3b, 0x96,
-    0xcd, 0x71, 0x5c, 0x3a, 0xea, 0x38, 0xce, 0x81, 0x1e, 0x88, 0xfc, 0x6d, 0xe7, 0xac, 0x30, 0x26, 0x23,
-    0xfb, 0xa7, 0x06, 0x8b, 0x3e, 0x09, 0xd3, 0xfe, 0x54, 0x9b, 0x11, 0xcc, 0x5f, 0x0e, 0x59, 0x6c, 0x4e,
-    0xdb, 0xce, 0x3e, 0x7b, 0xa2, 0x27, 0x1f, 0xb8, 0xd0, 0x9a, 0xf4, 0x21, 0x9e, 0x3d,
+    0x04, 0x41, 0xae, 0x76, 0xb7, 0x7c, 0xde, 0xab, 0x80, 0x5c, 0x45, 0x77, 0xd2, 0x57, 0xb6, 0x9e, 0xa9,
+    0xe6, 0x24, 0x4f, 0x28, 0xb1, 0xc1, 0x79, 0x8f, 0xd0, 0x3d, 0xec, 0x54, 0xdc, 0x0e, 0x84, 0xa5, 0x0b,
+    0x92, 0x9e, 0xdd, 0x29, 0xbe, 0x31, 0xd3, 0x86, 0x71, 0x25, 0xef, 0x15, 0x66, 0x9e, 0xbd, 0x93, 0x11,
+    0xef, 0x66, 0x5c, 0x74, 0x21, 0x38, 0x68, 0xc4, 0xad, 0x9c, 0xae, 0x04, 0x54, 0xc9,
 };
 
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_PublicKey = ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_PublicKey_Array);
 
 constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_PrivateKey_Array[] = {
-    0x06, 0x59, 0xf2, 0x16, 0x77, 0x18, 0xe9, 0x0f, 0x12, 0x23, 0xba, 0xef, 0x44, 0x28, 0xf1, 0xb0,
-    0xce, 0xc4, 0x72, 0xb5, 0x5f, 0xbb, 0x07, 0xea, 0x87, 0xd7, 0x39, 0x89, 0x9c, 0xf7, 0x31, 0x6a,
+    0x25, 0xf8, 0xc0, 0x52, 0xd4, 0x8e, 0x6a, 0x87, 0xee, 0x4d, 0xce, 0x75, 0xda, 0xf3, 0x63, 0xd6,
+    0x60, 0xf9, 0x01, 0x36, 0x58, 0xcd, 0x30, 0x55, 0x3e, 0x21, 0xb8, 0x5b, 0xa2, 0xba, 0xbe, 0x03,
 };
 
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_PrivateKey = ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_PrivateKey_Array);
 
+// ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-CRL-Issuer-PAA-FFF1-2DPs-Cert.pem
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_CRL_Issuer_PAA_FFF1_2DPs_Cert_Array[] = {
+    0x30, 0x82, 0x02, 0xca, 0x30, 0x82, 0x02, 0x71, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x43, 0x18, 0x55, 0x58, 0xe5, 0x90,
+    0x57, 0x75, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x46, 0x31, 0x18, 0x30, 0x16, 0x06,
+    0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x49,
+    0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46,
+    0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30,
+    0x30, 0x30, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x36, 0x32, 0x38, 0x31, 0x34, 0x32, 0x33, 0x34, 0x33, 0x5a, 0x18, 0x0f,
+    0x39, 0x39, 0x39, 0x39, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x69, 0x31, 0x3b, 0x30, 0x39,
+    0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x32, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x44, 0x41,
+    0x43, 0x20, 0x30, 0x30, 0x30, 0x30, 0x20, 0x43, 0x44, 0x50, 0x20, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x20, 0x50, 0x41, 0x41,
+    0x20, 0x46, 0x46, 0x46, 0x31, 0x20, 0x28, 0x54, 0x77, 0x6f, 0x20, 0x44, 0x50, 0x73, 0x29, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a,
+    0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46, 0x31, 0x31, 0x14, 0x30, 0x12, 0x06,
+    0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13,
+    0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42,
+    0x00, 0x04, 0x7d, 0xf8, 0x83, 0xcd, 0x5e, 0xdc, 0x72, 0x78, 0x14, 0x9e, 0x80, 0x0b, 0x3c, 0x30, 0x24, 0xe4, 0x45, 0xc5, 0x94,
+    0xb9, 0x11, 0x85, 0xcd, 0xe3, 0x08, 0x58, 0x7f, 0x4e, 0xae, 0xb6, 0x85, 0x59, 0x99, 0x6a, 0x0f, 0xae, 0x19, 0x50, 0x1d, 0x9f,
+    0xb3, 0xbf, 0x11, 0x12, 0x51, 0xc5, 0x79, 0x96, 0x5d, 0xd6, 0x59, 0x4f, 0x9a, 0x88, 0x4e, 0x5c, 0x6f, 0x39, 0x11, 0x78, 0xf8,
+    0x2b, 0xe9, 0x57, 0xa3, 0x82, 0x01, 0x22, 0x30, 0x82, 0x01, 0x1e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
+    0x04, 0x02, 0x30, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x07, 0x80, 0x30,
+    0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x3c, 0x83, 0xb5, 0x8a, 0x32, 0xbc, 0x20, 0x02, 0xad, 0x83, 0x6b,
+    0x97, 0xdf, 0x10, 0xe1, 0x1c, 0x81, 0x96, 0x99, 0x8f, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
+    0x14, 0xaf, 0x42, 0xb7, 0x09, 0x4d, 0xeb, 0xd5, 0x15, 0xec, 0x6e, 0xcf, 0x33, 0xb8, 0x11, 0x15, 0x22, 0x5f, 0x32, 0x52, 0x88,
+    0x30, 0x81, 0xbd, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x81, 0xb5, 0x30, 0x81, 0xb2, 0x30, 0x57, 0xa0, 0x1f, 0xa0, 0x1d, 0x86,
+    0x1b, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f,
+    0x63, 0x72, 0x6c, 0x2e, 0x70, 0x65, 0x6d, 0xa2, 0x34, 0xa4, 0x32, 0x30, 0x30, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
+    0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x41, 0x31, 0x14, 0x30,
+    0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46, 0x31, 0x30, 0x57,
+    0xa0, 0x1f, 0xa0, 0x1d, 0x86, 0x1b, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
+    0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x70, 0x65, 0x6d, 0xa2, 0x34, 0xa4, 0x32, 0x30, 0x30, 0x31, 0x18, 0x30,
+    0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50,
+    0x41, 0x41, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46,
+    0x46, 0x46, 0x31, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02,
+    0x20, 0x67, 0xb1, 0xbc, 0x0e, 0xe3, 0xfb, 0x52, 0xc1, 0x5a, 0xbf, 0x39, 0x1e, 0xf6, 0xd8, 0x3c, 0xe4, 0xa8, 0x30, 0x73, 0x01,
+    0xaa, 0x78, 0x1f, 0x17, 0xf5, 0xf7, 0xe9, 0xab, 0x3c, 0x06, 0xb2, 0x89, 0x02, 0x20, 0x57, 0xe0, 0x86, 0x4e, 0xf8, 0x16, 0x8d,
+    0xc9, 0xb1, 0x50, 0xf5, 0x5b, 0xd0, 0xed, 0xb1, 0x0a, 0xa2, 0x17, 0x96, 0x56, 0x6e, 0x4f, 0x60, 0x79, 0xb5, 0xb9, 0x1d, 0x08,
+    0x99, 0x8b, 0x92, 0xab,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_CRL_Issuer_PAA_FFF1_2DPs_Cert =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_CRL_Issuer_PAA_FFF1_2DPs_Cert_Array);
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_CRL_Issuer_PAA_FFF1_2DPs_SKID_Array[] = {
+    0x3C, 0x83, 0xB5, 0x8A, 0x32, 0xBC, 0x20, 0x02, 0xAD, 0x83, 0x6B, 0x97, 0xDF, 0x10, 0xE1, 0x1C, 0x81, 0x96, 0x99, 0x8F,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_CRL_Issuer_PAA_FFF1_2DPs_SKID =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_CRL_Issuer_PAA_FFF1_2DPs_SKID_Array);
+
+// ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-CRL-Issuer-PAA-FFF1-2DPs-Key.pem
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_CRL_Issuer_PAA_FFF1_2DPs_PublicKey_Array[] = {
+    0x04, 0x7d, 0xf8, 0x83, 0xcd, 0x5e, 0xdc, 0x72, 0x78, 0x14, 0x9e, 0x80, 0x0b, 0x3c, 0x30, 0x24, 0xe4,
+    0x45, 0xc5, 0x94, 0xb9, 0x11, 0x85, 0xcd, 0xe3, 0x08, 0x58, 0x7f, 0x4e, 0xae, 0xb6, 0x85, 0x59, 0x99,
+    0x6a, 0x0f, 0xae, 0x19, 0x50, 0x1d, 0x9f, 0xb3, 0xbf, 0x11, 0x12, 0x51, 0xc5, 0x79, 0x96, 0x5d, 0xd6,
+    0x59, 0x4f, 0x9a, 0x88, 0x4e, 0x5c, 0x6f, 0x39, 0x11, 0x78, 0xf8, 0x2b, 0xe9, 0x57,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_CRL_Issuer_PAA_FFF1_2DPs_PublicKey =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_CRL_Issuer_PAA_FFF1_2DPs_PublicKey_Array);
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_CRL_Issuer_PAA_FFF1_2DPs_PrivateKey_Array[] = {
+    0x55, 0x95, 0xd2, 0x25, 0x87, 0x8c, 0x8a, 0xf7, 0xa4, 0x83, 0xd9, 0x0f, 0x11, 0x7b, 0x3b, 0x72,
+    0x87, 0x24, 0x42, 0x38, 0x00, 0x16, 0xf0, 0x4c, 0x6d, 0x10, 0x47, 0xcc, 0x05, 0xb0, 0xe6, 0x2f,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_CRL_Issuer_PAA_FFF1_2DPs_PrivateKey =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_CRL_Issuer_PAA_FFF1_2DPs_PrivateKey_Array);
+
 // ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-HTTPS-Cert.pem
 
 constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_HTTPS_Cert_Array[] = {
-    0x30, 0x82, 0x02, 0x25, 0x30, 0x82, 0x01, 0xcb, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x34, 0xa8, 0x41, 0x5b, 0x7d, 0x3f,
-    0x2b, 0x1e, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x46, 0x31, 0x18, 0x30, 0x16, 0x06,
+    0x30, 0x82, 0x02, 0x24, 0x30, 0x82, 0x01, 0xcb, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x17, 0xfe, 0x6d, 0x6b, 0xe9, 0xbe,
+    0xd2, 0x13, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x46, 0x31, 0x18, 0x30, 0x16, 0x06,
     0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x49,
     0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46,
     0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30,
@@ -217,27 +553,27 @@ constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_HTTPS_Cert_Array[] = {
     0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46, 0x31, 0x31, 0x14,
     0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30, 0x30, 0x30, 0x30,
     0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01,
-    0x07, 0x03, 0x42, 0x00, 0x04, 0xd9, 0x2b, 0x24, 0xde, 0x51, 0x6b, 0x8e, 0xcd, 0x3e, 0x68, 0x62, 0xde, 0x87, 0xfc, 0x3b, 0xf7,
-    0x7e, 0x70, 0x11, 0x71, 0xc7, 0x0b, 0x59, 0x8c, 0xff, 0x5f, 0x02, 0x7f, 0x02, 0xb8, 0x20, 0xe7, 0xfa, 0x07, 0xba, 0xd4, 0xe4,
-    0xd8, 0xbe, 0x26, 0x1c, 0x08, 0xfb, 0x31, 0x95, 0xd5, 0xa8, 0x34, 0x82, 0x3a, 0x28, 0xcc, 0x47, 0x03, 0xb7, 0xc5, 0x15, 0x7e,
-    0x14, 0x9e, 0x5e, 0xaa, 0x78, 0x05, 0xa3, 0x81, 0x8f, 0x30, 0x81, 0x8c, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01,
+    0x07, 0x03, 0x42, 0x00, 0x04, 0xea, 0xb8, 0x46, 0xdd, 0x7d, 0x1f, 0x88, 0x4f, 0xe7, 0x17, 0x8a, 0x22, 0x41, 0xa7, 0xdf, 0x5d,
+    0x31, 0xf4, 0xb9, 0x1b, 0xc6, 0xbb, 0x7a, 0x08, 0x74, 0x09, 0xb9, 0x99, 0x35, 0x2a, 0xcf, 0x03, 0xae, 0xc8, 0x4c, 0x92, 0x5b,
+    0xf6, 0xc2, 0x01, 0x22, 0xee, 0xe8, 0x4d, 0x7e, 0x81, 0x12, 0xbb, 0xce, 0xc2, 0x31, 0xe3, 0xb4, 0x22, 0x1a, 0x9d, 0x61, 0x18,
+    0xdc, 0x79, 0x4b, 0x6e, 0xbd, 0x87, 0xa3, 0x81, 0x8f, 0x30, 0x81, 0x8c, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01,
     0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x07, 0x80,
-    0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa3, 0x02, 0x33, 0xf8, 0x6f, 0x40, 0xd1, 0x1a, 0xc5, 0x5f,
-    0x80, 0xa5, 0xc0, 0xa9, 0x2a, 0x50, 0x6f, 0xea, 0x9f, 0x31, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16,
+    0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xe3, 0xbe, 0xa7, 0x29, 0x96, 0xdc, 0xf7, 0x6b, 0xb9, 0xb0,
+    0xf1, 0x1d, 0x19, 0x2b, 0xba, 0x17, 0xe9, 0x5c, 0x32, 0xf8, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16,
     0x80, 0x14, 0xaf, 0x42, 0xb7, 0x09, 0x4d, 0xeb, 0xd5, 0x15, 0xec, 0x6e, 0xcf, 0x33, 0xb8, 0x11, 0x15, 0x22, 0x5f, 0x32, 0x52,
     0x88, 0x30, 0x2c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x25, 0x30, 0x23, 0x30, 0x21, 0xa0, 0x1f, 0xa0, 0x1d, 0x86, 0x1b, 0x68,
     0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72,
-    0x6c, 0x2e, 0x70, 0x65, 0x6d, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30,
-    0x45, 0x02, 0x20, 0x53, 0xec, 0xea, 0xda, 0x3c, 0x5d, 0x4b, 0xb7, 0x50, 0xcb, 0xe7, 0xf8, 0xd1, 0x09, 0x59, 0x12, 0xd4, 0xc8,
-    0xe5, 0xfb, 0x1f, 0xef, 0x30, 0x24, 0x1f, 0xcf, 0x95, 0x83, 0x29, 0x40, 0xd0, 0x9a, 0x02, 0x21, 0x00, 0xb5, 0x57, 0x5e, 0xbc,
-    0xa7, 0x1b, 0x84, 0x7e, 0x77, 0xd5, 0xd5, 0xd1, 0x41, 0x06, 0xbb, 0x87, 0xbf, 0x37, 0x9d, 0x92, 0xa4, 0x9d, 0xea, 0x8d, 0x10,
-    0xa0, 0xe1, 0x8b, 0x48, 0x10, 0x2e, 0x1f,
+    0x6c, 0x2e, 0x70, 0x65, 0x6d, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30,
+    0x44, 0x02, 0x20, 0x2a, 0xc7, 0x6a, 0x56, 0xd7, 0xa4, 0xb9, 0x7e, 0x76, 0x2c, 0x95, 0x50, 0x88, 0x41, 0xe2, 0xd5, 0x54, 0x55,
+    0x1a, 0x06, 0x8f, 0xc8, 0x32, 0x06, 0xd8, 0xb2, 0x7f, 0xe5, 0xae, 0x55, 0x76, 0x5e, 0x02, 0x20, 0x20, 0xbb, 0xa5, 0x49, 0xc7,
+    0xcd, 0x9d, 0xbe, 0x64, 0x0b, 0xe8, 0x2c, 0x68, 0xa3, 0xfc, 0x36, 0xb0, 0xb0, 0xed, 0xf5, 0x5f, 0x70, 0xfd, 0xb1, 0x7c, 0xb2,
+    0x45, 0x81, 0x00, 0x83, 0xd6, 0x75,
 };
 
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_HTTPS_Cert = ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_HTTPS_Cert_Array);
 
 constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_HTTPS_SKID_Array[] = {
-    0xA3, 0x02, 0x33, 0xF8, 0x6F, 0x40, 0xD1, 0x1A, 0xC5, 0x5F, 0x80, 0xA5, 0xC0, 0xA9, 0x2A, 0x50, 0x6F, 0xEA, 0x9F, 0x31,
+    0xE3, 0xBE, 0xA7, 0x29, 0x96, 0xDC, 0xF7, 0x6B, 0xB9, 0xB0, 0xF1, 0x1D, 0x19, 0x2B, 0xBA, 0x17, 0xE9, 0x5C, 0x32, 0xF8,
 };
 
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_HTTPS_SKID = ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_HTTPS_SKID_Array);
@@ -245,28 +581,289 @@ extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_HTTPS_SKID = ByteSpan(sTe
 // ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-HTTPS-Key.pem
 
 constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_HTTPS_PublicKey_Array[] = {
-    0x04, 0xd9, 0x2b, 0x24, 0xde, 0x51, 0x6b, 0x8e, 0xcd, 0x3e, 0x68, 0x62, 0xde, 0x87, 0xfc, 0x3b, 0xf7,
-    0x7e, 0x70, 0x11, 0x71, 0xc7, 0x0b, 0x59, 0x8c, 0xff, 0x5f, 0x02, 0x7f, 0x02, 0xb8, 0x20, 0xe7, 0xfa,
-    0x07, 0xba, 0xd4, 0xe4, 0xd8, 0xbe, 0x26, 0x1c, 0x08, 0xfb, 0x31, 0x95, 0xd5, 0xa8, 0x34, 0x82, 0x3a,
-    0x28, 0xcc, 0x47, 0x03, 0xb7, 0xc5, 0x15, 0x7e, 0x14, 0x9e, 0x5e, 0xaa, 0x78, 0x05,
+    0x04, 0xea, 0xb8, 0x46, 0xdd, 0x7d, 0x1f, 0x88, 0x4f, 0xe7, 0x17, 0x8a, 0x22, 0x41, 0xa7, 0xdf, 0x5d,
+    0x31, 0xf4, 0xb9, 0x1b, 0xc6, 0xbb, 0x7a, 0x08, 0x74, 0x09, 0xb9, 0x99, 0x35, 0x2a, 0xcf, 0x03, 0xae,
+    0xc8, 0x4c, 0x92, 0x5b, 0xf6, 0xc2, 0x01, 0x22, 0xee, 0xe8, 0x4d, 0x7e, 0x81, 0x12, 0xbb, 0xce, 0xc2,
+    0x31, 0xe3, 0xb4, 0x22, 0x1a, 0x9d, 0x61, 0x18, 0xdc, 0x79, 0x4b, 0x6e, 0xbd, 0x87,
 };
 
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_HTTPS_PublicKey =
     ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_HTTPS_PublicKey_Array);
 
 constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_HTTPS_PrivateKey_Array[] = {
-    0x04, 0xa4, 0x15, 0x03, 0x86, 0x39, 0xd1, 0x4e, 0x62, 0x92, 0x6f, 0x46, 0x1a, 0x62, 0x55, 0xd7,
-    0xa3, 0x0b, 0x0b, 0xdc, 0xac, 0x6a, 0x98, 0xcd, 0xf8, 0x8b, 0x16, 0x70, 0x2a, 0x72, 0x9f, 0x3b,
+    0x77, 0x46, 0x27, 0xd2, 0x38, 0xd1, 0xda, 0x3a, 0xf8, 0xd4, 0xe5, 0x8d, 0xa6, 0x35, 0x69, 0x79,
+    0x6d, 0xbd, 0xf9, 0x89, 0xfc, 0xea, 0xd6, 0x81, 0x06, 0xe2, 0xed, 0x1e, 0xca, 0x3c, 0x28, 0xf7,
 };
 
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_HTTPS_PrivateKey =
     ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_HTTPS_PrivateKey_Array);
 
+// ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-FFF1-Cert.pem
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_FFF1_Cert_Array[] = {
+    0x30, 0x82, 0x02, 0x64, 0x30, 0x82, 0x02, 0x09, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x17, 0x02, 0xc4, 0x10, 0x4d, 0xb5,
+    0x94, 0xcf, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x46, 0x31, 0x18, 0x30, 0x16, 0x06,
+    0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x49,
+    0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46,
+    0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30,
+    0x30, 0x30, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x36, 0x32, 0x38, 0x31, 0x34, 0x32, 0x33, 0x34, 0x33, 0x5a, 0x18, 0x0f,
+    0x39, 0x39, 0x39, 0x39, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x5f, 0x31, 0x31, 0x30, 0x2f,
+    0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x28, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x44, 0x41,
+    0x43, 0x20, 0x30, 0x30, 0x30, 0x30, 0x20, 0x43, 0x44, 0x50, 0x20, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x20, 0x50, 0x41, 0x41,
+    0x20, 0x46, 0x46, 0x46, 0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01,
+    0x0c, 0x04, 0x46, 0x46, 0x46, 0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02,
+    0x02, 0x0c, 0x04, 0x38, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06,
+    0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x36, 0xd3, 0x26, 0xdd, 0xb5, 0xf0, 0xe3, 0xe6,
+    0xba, 0xcd, 0x3b, 0x33, 0xfb, 0x55, 0x05, 0xef, 0xb9, 0xca, 0xa3, 0xc0, 0xef, 0x9d, 0x51, 0x1d, 0x8e, 0x79, 0x21, 0x2e, 0x69,
+    0xc4, 0xa7, 0x63, 0xb8, 0x30, 0xd6, 0x71, 0x50, 0x39, 0x7a, 0xcd, 0xa2, 0x4e, 0xc6, 0xfe, 0x52, 0xce, 0x8d, 0x75, 0x78, 0xb6,
+    0x8f, 0x75, 0x8b, 0xd9, 0x26, 0x2b, 0xa2, 0x44, 0x0b, 0xe3, 0xf8, 0x5e, 0x47, 0xa8, 0xa3, 0x81, 0xc5, 0x30, 0x81, 0xc2, 0x30,
+    0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01,
+    0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x07, 0x80, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xd2, 0x08,
+    0xfc, 0xad, 0xb7, 0x8f, 0x13, 0x5e, 0xf4, 0x19, 0x0a, 0xf2, 0xf6, 0x48, 0x31, 0x82, 0x79, 0x08, 0x7a, 0xee, 0x30, 0x1f, 0x06,
+    0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xaf, 0x42, 0xb7, 0x09, 0x4d, 0xeb, 0xd5, 0x15, 0xec, 0x6e, 0xcf,
+    0x33, 0xb8, 0x11, 0x15, 0x22, 0x5f, 0x32, 0x52, 0x88, 0x30, 0x62, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x5b, 0x30, 0x59, 0x30,
+    0x57, 0xa0, 0x1f, 0xa0, 0x1d, 0x86, 0x1b, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c,
+    0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x70, 0x65, 0x6d, 0xa2, 0x34, 0xa4, 0x32, 0x30, 0x30, 0x31, 0x18,
+    0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20,
+    0x50, 0x41, 0x41, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04,
+    0x46, 0x46, 0x46, 0x31, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x49, 0x00, 0x30, 0x46,
+    0x02, 0x21, 0x00, 0xea, 0xd0, 0x82, 0x83, 0x40, 0x27, 0xe4, 0x17, 0x93, 0x2e, 0x0d, 0xdc, 0x26, 0xe5, 0x0c, 0x16, 0xf9, 0xfd,
+    0x26, 0x80, 0x96, 0x9c, 0x33, 0xfa, 0x40, 0xcc, 0xf8, 0xc4, 0x22, 0xf1, 0xc7, 0xf7, 0x02, 0x21, 0x00, 0xa7, 0x08, 0xb0, 0x5e,
+    0xe6, 0x8b, 0x26, 0xda, 0x6d, 0x64, 0x44, 0x61, 0xbc, 0x42, 0x9f, 0xa2, 0x5f, 0x56, 0x2d, 0xd2, 0x2b, 0xa3, 0x55, 0xa7, 0x99,
+    0x37, 0x26, 0xb9, 0x39, 0xfb, 0x2e, 0xd0,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_FFF1_Cert =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_FFF1_Cert_Array);
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_FFF1_SKID_Array[] = {
+    0xD2, 0x08, 0xFC, 0xAD, 0xB7, 0x8F, 0x13, 0x5E, 0xF4, 0x19, 0x0A, 0xF2, 0xF6, 0x48, 0x31, 0x82, 0x79, 0x08, 0x7A, 0xEE,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_FFF1_SKID =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_FFF1_SKID_Array);
+
+// ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-FFF1-Key.pem
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_FFF1_PublicKey_Array[] = {
+    0x04, 0x36, 0xd3, 0x26, 0xdd, 0xb5, 0xf0, 0xe3, 0xe6, 0xba, 0xcd, 0x3b, 0x33, 0xfb, 0x55, 0x05, 0xef,
+    0xb9, 0xca, 0xa3, 0xc0, 0xef, 0x9d, 0x51, 0x1d, 0x8e, 0x79, 0x21, 0x2e, 0x69, 0xc4, 0xa7, 0x63, 0xb8,
+    0x30, 0xd6, 0x71, 0x50, 0x39, 0x7a, 0xcd, 0xa2, 0x4e, 0xc6, 0xfe, 0x52, 0xce, 0x8d, 0x75, 0x78, 0xb6,
+    0x8f, 0x75, 0x8b, 0xd9, 0x26, 0x2b, 0xa2, 0x44, 0x0b, 0xe3, 0xf8, 0x5e, 0x47, 0xa8,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_FFF1_PublicKey =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_FFF1_PublicKey_Array);
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_FFF1_PrivateKey_Array[] = {
+    0x10, 0xed, 0x00, 0xde, 0xf0, 0x7b, 0x5e, 0x1d, 0x2b, 0xb3, 0x24, 0x47, 0x80, 0x70, 0x6c, 0xfe,
+    0xb6, 0xfb, 0xe7, 0x2a, 0x55, 0x59, 0xc0, 0x3a, 0x73, 0xd3, 0xa9, 0x9f, 0x38, 0x7f, 0xce, 0x9f,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_FFF1_PrivateKey =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_FFF1_PrivateKey_Array);
+
+// ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-NoVID-Cert.pem
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_NoVID_Cert_Array[] = {
+    0x30, 0x82, 0x02, 0x4e, 0x30, 0x82, 0x01, 0xf4, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x4a, 0x98, 0x15, 0xd4, 0xb9, 0xdd,
+    0xcf, 0x73, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x46, 0x31, 0x18, 0x30, 0x16, 0x06,
+    0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x49,
+    0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46,
+    0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30,
+    0x30, 0x30, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x36, 0x32, 0x38, 0x31, 0x34, 0x32, 0x33, 0x34, 0x33, 0x5a, 0x18, 0x0f,
+    0x39, 0x39, 0x39, 0x39, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x60, 0x31, 0x32, 0x30, 0x30,
+    0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x29, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x44, 0x41,
+    0x43, 0x20, 0x30, 0x30, 0x30, 0x30, 0x20, 0x43, 0x44, 0x50, 0x20, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x20, 0x50, 0x41, 0x41,
+    0x20, 0x4e, 0x6f, 0x56, 0x49, 0x44, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02,
+    0x01, 0x0c, 0x04, 0x46, 0x46, 0x46, 0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c,
+    0x02, 0x02, 0x0c, 0x04, 0x38, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01,
+    0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x6a, 0x2b, 0xed, 0xc7, 0x16, 0xb5, 0x63,
+    0x64, 0x7e, 0x66, 0xdb, 0x9a, 0x3e, 0x2d, 0xcd, 0x45, 0xf0, 0xbf, 0x58, 0x4d, 0x85, 0xa7, 0xd2, 0xdf, 0xf8, 0xff, 0xb1, 0x74,
+    0xb5, 0xd5, 0x5e, 0x7f, 0x1c, 0x54, 0x94, 0xbe, 0x7d, 0x7b, 0xc4, 0xe2, 0x9c, 0x11, 0x80, 0x9a, 0x20, 0x37, 0x61, 0x55, 0x6e,
+    0x39, 0x15, 0x75, 0x1e, 0x1d, 0x20, 0x1a, 0xab, 0x96, 0x7e, 0x3c, 0xec, 0xbc, 0xfb, 0x21, 0xa3, 0x81, 0xaf, 0x30, 0x81, 0xac,
+    0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f,
+    0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x07, 0x80, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x20,
+    0xa8, 0x51, 0xb5, 0x59, 0x5a, 0x8b, 0x31, 0x28, 0x69, 0x03, 0xa6, 0x3f, 0xc9, 0x36, 0x00, 0x17, 0x39, 0xc0, 0x3e, 0x30, 0x1f,
+    0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xaf, 0x42, 0xb7, 0x09, 0x4d, 0xeb, 0xd5, 0x15, 0xec, 0x6e,
+    0xcf, 0x33, 0xb8, 0x11, 0x15, 0x22, 0x5f, 0x32, 0x52, 0x88, 0x30, 0x4c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x45, 0x30, 0x43,
+    0x30, 0x41, 0xa0, 0x1f, 0xa0, 0x1d, 0x86, 0x1b, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x65, 0x78, 0x61, 0x6d, 0x70,
+    0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x70, 0x65, 0x6d, 0xa2, 0x1e, 0xa4, 0x1c, 0x30, 0x1a, 0x31,
+    0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74,
+    0x20, 0x50, 0x41, 0x41, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45,
+    0x02, 0x21, 0x00, 0x83, 0xd3, 0xd4, 0xe5, 0xf5, 0x24, 0xea, 0x16, 0x6c, 0x14, 0x45, 0xed, 0x42, 0x08, 0xa5, 0xe3, 0x26, 0xf8,
+    0xff, 0xdd, 0xb7, 0xf1, 0xa1, 0xb8, 0xcf, 0xb9, 0xf2, 0x38, 0x06, 0xc2, 0xe5, 0x1f, 0x02, 0x20, 0x7f, 0x58, 0x66, 0x8c, 0x92,
+    0xb9, 0xd9, 0xaa, 0xfa, 0xb1, 0x93, 0xb7, 0x30, 0x82, 0xe2, 0x39, 0x85, 0x99, 0x9f, 0x22, 0xd8, 0xc0, 0xe0, 0x0e, 0x66, 0x19,
+    0x9d, 0x08, 0x06, 0x20, 0x52, 0x40,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_NoVID_Cert =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_NoVID_Cert_Array);
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_NoVID_SKID_Array[] = {
+    0x20, 0xA8, 0x51, 0xB5, 0x59, 0x5A, 0x8B, 0x31, 0x28, 0x69, 0x03, 0xA6, 0x3F, 0xC9, 0x36, 0x00, 0x17, 0x39, 0xC0, 0x3E,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_NoVID_SKID =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_NoVID_SKID_Array);
+
+// ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAA-NoVID-Key.pem
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_NoVID_PublicKey_Array[] = {
+    0x04, 0x6a, 0x2b, 0xed, 0xc7, 0x16, 0xb5, 0x63, 0x64, 0x7e, 0x66, 0xdb, 0x9a, 0x3e, 0x2d, 0xcd, 0x45,
+    0xf0, 0xbf, 0x58, 0x4d, 0x85, 0xa7, 0xd2, 0xdf, 0xf8, 0xff, 0xb1, 0x74, 0xb5, 0xd5, 0x5e, 0x7f, 0x1c,
+    0x54, 0x94, 0xbe, 0x7d, 0x7b, 0xc4, 0xe2, 0x9c, 0x11, 0x80, 0x9a, 0x20, 0x37, 0x61, 0x55, 0x6e, 0x39,
+    0x15, 0x75, 0x1e, 0x1d, 0x20, 0x1a, 0xab, 0x96, 0x7e, 0x3c, 0xec, 0xbc, 0xfb, 0x21,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_NoVID_PublicKey =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_NoVID_PublicKey_Array);
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_NoVID_PrivateKey_Array[] = {
+    0x46, 0xd9, 0x9f, 0x1d, 0x8d, 0x65, 0xa0, 0x4d, 0x6f, 0xaf, 0x9b, 0xe7, 0x7b, 0x32, 0x6c, 0x7b,
+    0x4e, 0x65, 0x1f, 0x85, 0xd0, 0x9b, 0x00, 0xbf, 0x02, 0x03, 0x8b, 0x12, 0xe5, 0xf6, 0xf8, 0x89,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_NoVID_PrivateKey =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_NoVID_PrivateKey_Array);
+
+// ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Cert.pem
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_Cert_Array[] = {
+    0x30, 0x82, 0x02, 0x66, 0x30, 0x82, 0x02, 0x0c, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x5f, 0xf5, 0xc6, 0x04, 0xbc, 0xa0,
+    0x73, 0x61, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x46, 0x31, 0x18, 0x30, 0x16, 0x06,
+    0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x49,
+    0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46,
+    0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30,
+    0x30, 0x30, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x36, 0x32, 0x38, 0x31, 0x34, 0x32, 0x33, 0x34, 0x33, 0x5a, 0x18, 0x0f,
+    0x39, 0x39, 0x39, 0x39, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x64, 0x31, 0x36, 0x30, 0x34,
+    0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x2d, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x44, 0x41,
+    0x43, 0x20, 0x30, 0x30, 0x30, 0x30, 0x20, 0x43, 0x44, 0x50, 0x20, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x20, 0x50, 0x41, 0x49,
+    0x20, 0x46, 0x46, 0x46, 0x32, 0x20, 0x38, 0x30, 0x30, 0x34, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01,
+    0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46, 0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04,
+    0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48,
+    0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x66, 0x8b, 0xf8,
+    0x10, 0x24, 0x2d, 0xcd, 0x4a, 0x8f, 0x0c, 0xc3, 0x8d, 0x71, 0x40, 0x82, 0xb5, 0x9f, 0x44, 0xfb, 0xe9, 0x27, 0x1c, 0xe6, 0x6a,
+    0x5d, 0x1b, 0xf4, 0xe3, 0x78, 0xf6, 0x81, 0xbc, 0x19, 0xf4, 0xab, 0x7a, 0xcb, 0x8a, 0x33, 0xb8, 0x4e, 0x3b, 0x4a, 0xe0, 0x44,
+    0xa9, 0xe3, 0x5e, 0xaa, 0x04, 0x53, 0xa4, 0x96, 0xa9, 0x05, 0x05, 0xf1, 0x57, 0xc2, 0x52, 0x69, 0xfe, 0x4f, 0xb7, 0xa3, 0x81,
+    0xc3, 0x30, 0x81, 0xc0, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0e, 0x06,
+    0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x07, 0x80, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04,
+    0x16, 0x04, 0x14, 0xce, 0x80, 0xc0, 0x02, 0x33, 0x9b, 0xc6, 0x00, 0xd4, 0xf9, 0x4a, 0xf0, 0x95, 0xee, 0x64, 0xf0, 0x29, 0x42,
+    0x32, 0xe2, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xaf, 0x42, 0xb7, 0x09, 0x4d, 0xeb,
+    0xd5, 0x15, 0xec, 0x6e, 0xcf, 0x33, 0xb8, 0x11, 0x15, 0x22, 0x5f, 0x32, 0x52, 0x88, 0x30, 0x60, 0x06, 0x03, 0x55, 0x1d, 0x1f,
+    0x04, 0x59, 0x30, 0x57, 0x30, 0x55, 0xa0, 0x1f, 0xa0, 0x1d, 0x86, 0x1b, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x65,
+    0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x70, 0x65, 0x6d, 0xa2, 0x32, 0xa4,
+    0x30, 0x30, 0x2e, 0x31, 0x2c, 0x30, 0x2a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x23, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20,
+    0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x49, 0x20, 0x4d, 0x76, 0x69, 0x64, 0x3a, 0x46, 0x46, 0x46, 0x32, 0x20, 0x4d, 0x70,
+    0x69, 0x64, 0x3a, 0x38, 0x30, 0x30, 0x34, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48,
+    0x00, 0x30, 0x45, 0x02, 0x20, 0x08, 0x8c, 0xd3, 0x9b, 0x0b, 0xef, 0x30, 0x30, 0x07, 0x5e, 0xee, 0xcf, 0xb0, 0x3c, 0xad, 0xa6,
+    0xec, 0xc7, 0x46, 0x8b, 0xe7, 0x57, 0x9b, 0x75, 0x6b, 0xad, 0xe2, 0x7f, 0x2c, 0xc0, 0x3d, 0x21, 0x02, 0x21, 0x00, 0x84, 0xe6,
+    0x3d, 0xcc, 0xc3, 0x2b, 0xbe, 0x4d, 0x70, 0x77, 0x2b, 0x6a, 0xff, 0xec, 0xc1, 0x2a, 0x1d, 0x34, 0xd2, 0xc3, 0xe1, 0x49, 0xce,
+    0xb1, 0xb9, 0x88, 0x25, 0x16, 0xbc, 0x34, 0x1b, 0xcf,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_Cert =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_Cert_Array);
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_SKID_Array[] = {
+    0xCE, 0x80, 0xC0, 0x02, 0x33, 0x9B, 0xC6, 0x00, 0xD4, 0xF9, 0x4A, 0xF0, 0x95, 0xEE, 0x64, 0xF0, 0x29, 0x42, 0x32, 0xE2,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_SKID =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_SKID_Array);
+
+// ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Key.pem
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_PublicKey_Array[] = {
+    0x04, 0x66, 0x8b, 0xf8, 0x10, 0x24, 0x2d, 0xcd, 0x4a, 0x8f, 0x0c, 0xc3, 0x8d, 0x71, 0x40, 0x82, 0xb5,
+    0x9f, 0x44, 0xfb, 0xe9, 0x27, 0x1c, 0xe6, 0x6a, 0x5d, 0x1b, 0xf4, 0xe3, 0x78, 0xf6, 0x81, 0xbc, 0x19,
+    0xf4, 0xab, 0x7a, 0xcb, 0x8a, 0x33, 0xb8, 0x4e, 0x3b, 0x4a, 0xe0, 0x44, 0xa9, 0xe3, 0x5e, 0xaa, 0x04,
+    0x53, 0xa4, 0x96, 0xa9, 0x05, 0x05, 0xf1, 0x57, 0xc2, 0x52, 0x69, 0xfe, 0x4f, 0xb7,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_PublicKey =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_PublicKey_Array);
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_PrivateKey_Array[] = {
+    0xfe, 0x74, 0xd0, 0x22, 0xb9, 0x05, 0xd8, 0x38, 0x7e, 0x6f, 0xbf, 0x22, 0x12, 0x9a, 0xde, 0xda,
+    0xda, 0xe7, 0xc9, 0x78, 0x0c, 0xbb, 0x51, 0x14, 0x16, 0xdd, 0x5a, 0xe9, 0x86, 0x36, 0xa1, 0xcc,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_PrivateKey =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_PrivateKey_Array);
+
+// ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Long-Cert.pem
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_Long_Cert_Array[] = {
+    0x30, 0x82, 0x02, 0x8c, 0x30, 0x82, 0x02, 0x33, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x7a, 0xb3, 0x30, 0xa7, 0xca, 0x1f,
+    0x91, 0x95, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x46, 0x31, 0x18, 0x30, 0x16, 0x06,
+    0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x49,
+    0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46,
+    0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30,
+    0x30, 0x30, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x36, 0x32, 0x38, 0x31, 0x34, 0x32, 0x33, 0x34, 0x33, 0x5a, 0x18, 0x0f,
+    0x39, 0x39, 0x39, 0x39, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x3b, 0x31, 0x0d, 0x30, 0x0b,
+    0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x04, 0x4c, 0x6f, 0x6e, 0x67, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04,
+    0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46, 0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01,
+    0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
+    0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x7d, 0xd0,
+    0x08, 0x30, 0x43, 0x7f, 0xfb, 0xd7, 0x07, 0x09, 0x38, 0x49, 0x31, 0x84, 0xb4, 0xbc, 0x56, 0x46, 0x4f, 0x7d, 0x81, 0x00, 0xcd,
+    0xef, 0x33, 0xf8, 0x92, 0x99, 0x39, 0xbe, 0xbc, 0x8d, 0x53, 0x36, 0x95, 0xd7, 0x1f, 0x4c, 0x0d, 0xa9, 0xbf, 0x1c, 0x8e, 0x84,
+    0x7f, 0xdd, 0x70, 0x8b, 0x5c, 0xd3, 0xab, 0xd6, 0x2e, 0xe3, 0x35, 0x81, 0x69, 0xbd, 0x32, 0x08, 0x5a, 0x35, 0x28, 0xdd, 0xa3,
+    0x82, 0x01, 0x12, 0x30, 0x82, 0x01, 0x0e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00,
+    0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x07, 0x80, 0x30, 0x1d, 0x06, 0x03, 0x55,
+    0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x1d, 0xf3, 0x52, 0x59, 0x9d, 0x41, 0xe0, 0xb0, 0x6c, 0x13, 0x02, 0x06, 0xff, 0xc1, 0x57,
+    0xa7, 0x32, 0xcc, 0xf7, 0xa4, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xaf, 0x42, 0xb7,
+    0x09, 0x4d, 0xeb, 0xd5, 0x15, 0xec, 0x6e, 0xcf, 0x33, 0xb8, 0x11, 0x15, 0x22, 0x5f, 0x32, 0x52, 0x88, 0x30, 0x81, 0xad, 0x06,
+    0x03, 0x55, 0x1d, 0x1f, 0x04, 0x81, 0xa5, 0x30, 0x81, 0xa2, 0x30, 0x81, 0x9f, 0xa0, 0x69, 0xa0, 0x67, 0x86, 0x65, 0x68, 0x74,
+    0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x74, 0x68, 0x69,
+    0x73, 0x2d, 0x69, 0x73, 0x2d, 0x61, 0x6e, 0x2d, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2d, 0x6f, 0x66, 0x2d, 0x63, 0x72,
+    0x6c, 0x2d, 0x64, 0x69, 0x73, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x2d, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x2d,
+    0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x2d, 0x77, 0x68, 0x69, 0x63, 0x68, 0x2d, 0x69, 0x73, 0x2d, 0x31, 0x30,
+    0x31, 0x2d, 0x63, 0x68, 0x61, 0x72, 0x73, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x70, 0x65, 0x6d, 0xa2, 0x32, 0xa4, 0x30, 0x30, 0x2e,
+    0x31, 0x2c, 0x30, 0x2a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x23, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73,
+    0x74, 0x20, 0x50, 0x41, 0x49, 0x20, 0x4d, 0x76, 0x69, 0x64, 0x3a, 0x46, 0x46, 0x46, 0x32, 0x20, 0x4d, 0x70, 0x69, 0x64, 0x3a,
+    0x38, 0x30, 0x30, 0x34, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44,
+    0x02, 0x20, 0x13, 0x28, 0xf3, 0xfa, 0x3a, 0xa3, 0x68, 0xeb, 0x4f, 0x8d, 0x73, 0x2f, 0xbb, 0x0f, 0x28, 0xcf, 0x0d, 0xab, 0xc4,
+    0xe9, 0x44, 0x4e, 0x00, 0x3c, 0x84, 0x84, 0x85, 0xb9, 0x70, 0x7b, 0xbd, 0xff, 0x02, 0x20, 0x5d, 0x0c, 0x98, 0xd5, 0x01, 0x14,
+    0x5d, 0xa2, 0x3a, 0xea, 0x6f, 0xec, 0xda, 0xb3, 0xf4, 0xd2, 0x9c, 0xbf, 0x3e, 0x70, 0xb4, 0x53, 0x83, 0x46, 0xbc, 0xce, 0x81,
+    0x1b, 0x24, 0x74, 0xe4, 0x38,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_Long_Cert =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_Long_Cert_Array);
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_Long_SKID_Array[] = {
+    0x1D, 0xF3, 0x52, 0x59, 0x9D, 0x41, 0xE0, 0xB0, 0x6C, 0x13, 0x02, 0x06, 0xFF, 0xC1, 0x57, 0xA7, 0x32, 0xCC, 0xF7, 0xA4,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_Long_SKID =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_Long_SKID_Array);
+
+// ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Issuer-PAI-FFF2-8004-Long-Key.pem
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_Long_PublicKey_Array[] = {
+    0x04, 0x7d, 0xd0, 0x08, 0x30, 0x43, 0x7f, 0xfb, 0xd7, 0x07, 0x09, 0x38, 0x49, 0x31, 0x84, 0xb4, 0xbc,
+    0x56, 0x46, 0x4f, 0x7d, 0x81, 0x00, 0xcd, 0xef, 0x33, 0xf8, 0x92, 0x99, 0x39, 0xbe, 0xbc, 0x8d, 0x53,
+    0x36, 0x95, 0xd7, 0x1f, 0x4c, 0x0d, 0xa9, 0xbf, 0x1c, 0x8e, 0x84, 0x7f, 0xdd, 0x70, 0x8b, 0x5c, 0xd3,
+    0xab, 0xd6, 0x2e, 0xe3, 0x35, 0x81, 0x69, 0xbd, 0x32, 0x08, 0x5a, 0x35, 0x28, 0xdd,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_Long_PublicKey =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_Long_PublicKey_Array);
+
+constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_Long_PrivateKey_Array[] = {
+    0x84, 0x61, 0x19, 0xc4, 0xb8, 0xfc, 0x59, 0x04, 0x59, 0x98, 0x5c, 0x19, 0x46, 0x6a, 0xb0, 0x4b,
+    0x0e, 0x9b, 0xff, 0xb2, 0x92, 0x7d, 0xf9, 0xce, 0x6f, 0xeb, 0x47, 0x82, 0x6b, 0x1d, 0xce, 0x38,
+};
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_Long_PrivateKey =
+    ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_Long_PrivateKey_Array);
+
 // ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Long-Cert.pem
 
 constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_Long_Cert_Array[] = {
-    0x30, 0x82, 0x02, 0x53, 0x30, 0x82, 0x01, 0xf9, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x1d, 0x6e, 0x6d, 0x50, 0x41, 0x86,
-    0x00, 0x07, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x46, 0x31, 0x18, 0x30, 0x16, 0x06,
+    0x30, 0x82, 0x02, 0x53, 0x30, 0x82, 0x01, 0xf9, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x2d, 0x8d, 0x2c, 0x45, 0xae, 0x68,
+    0x53, 0x45, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x46, 0x31, 0x18, 0x30, 0x16, 0x06,
     0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x49,
     0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46,
     0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30,
@@ -275,14 +872,14 @@ constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_Long_Cert_Array[] = {
     0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x04, 0x4c, 0x6f, 0x6e, 0x67, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04,
     0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46, 0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01,
     0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
-    0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x43, 0x28,
-    0xfb, 0xb8, 0x71, 0x42, 0x8c, 0x35, 0xe2, 0x24, 0xb3, 0x7f, 0x9e, 0x80, 0x64, 0x03, 0x5f, 0xb2, 0xcc, 0x72, 0xf8, 0xf1, 0x71,
-    0x18, 0x53, 0x46, 0xc3, 0x20, 0xe1, 0xa8, 0x85, 0xb5, 0xe4, 0x09, 0x09, 0x5e, 0xec, 0x85, 0x5f, 0x7d, 0x52, 0xaf, 0x97, 0xa1,
-    0xd0, 0x6f, 0x76, 0x71, 0x6c, 0x87, 0x36, 0x7e, 0x19, 0x88, 0xce, 0xa1, 0x19, 0xd6, 0xd7, 0xf4, 0x25, 0x2b, 0xc7, 0x2f, 0xa3,
+    0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x6f, 0xbd,
+    0x31, 0x13, 0xf1, 0x4e, 0x00, 0xb5, 0x54, 0x1a, 0xe5, 0x26, 0x3a, 0x47, 0xe1, 0x6b, 0x19, 0x77, 0x75, 0xe9, 0x12, 0x14, 0xa4,
+    0x20, 0xf4, 0xd9, 0x7a, 0xed, 0x6b, 0xa4, 0x93, 0x55, 0x1c, 0xa5, 0xc0, 0xd6, 0x95, 0xfa, 0x3e, 0xb9, 0x08, 0xf1, 0x32, 0x9a,
+    0x54, 0xbb, 0x9d, 0x5d, 0xe5, 0x97, 0x4c, 0xfa, 0xa8, 0xc5, 0xf0, 0xc5, 0xc4, 0x30, 0x8c, 0xae, 0x1a, 0xc6, 0xe1, 0x77, 0xa3,
     0x81, 0xd9, 0x30, 0x81, 0xd6, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0e,
     0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x07, 0x80, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
-    0x04, 0x16, 0x04, 0x14, 0xf6, 0x4c, 0x7b, 0xf1, 0xa8, 0xb6, 0xe0, 0xba, 0x10, 0x8e, 0xbd, 0xeb, 0x4f, 0xe1, 0xf6, 0x77, 0x7c,
-    0xc9, 0x2c, 0x29, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xaf, 0x42, 0xb7, 0x09, 0x4d,
+    0x04, 0x16, 0x04, 0x14, 0xa8, 0x34, 0xcb, 0xec, 0xfd, 0x6f, 0x47, 0x43, 0x06, 0xe5, 0x7d, 0x90, 0x7e, 0x4c, 0xf4, 0xad, 0x3f,
+    0x7d, 0xfc, 0x4f, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xaf, 0x42, 0xb7, 0x09, 0x4d,
     0xeb, 0xd5, 0x15, 0xec, 0x6e, 0xcf, 0x33, 0xb8, 0x11, 0x15, 0x22, 0x5f, 0x32, 0x52, 0x88, 0x30, 0x76, 0x06, 0x03, 0x55, 0x1d,
     0x1f, 0x04, 0x6f, 0x30, 0x6d, 0x30, 0x6b, 0xa0, 0x69, 0xa0, 0x67, 0x86, 0x65, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f,
     0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x74, 0x68, 0x69, 0x73, 0x2d, 0x69, 0x73, 0x2d, 0x61,
@@ -290,16 +887,16 @@ constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_Long_Cert_Array[] = {
     0x72, 0x69, 0x62, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x2d, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x2d, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73,
     0x69, 0x6f, 0x6e, 0x2d, 0x77, 0x68, 0x69, 0x63, 0x68, 0x2d, 0x69, 0x73, 0x2d, 0x31, 0x30, 0x31, 0x2d, 0x63, 0x68, 0x61, 0x72,
     0x73, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x70, 0x65, 0x6d, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02,
-    0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x43, 0x43, 0x62, 0x74, 0x55, 0x45, 0xb8, 0x10, 0xeb, 0x33, 0x3d, 0x59, 0x2d, 0x3f,
-    0x46, 0x82, 0x3c, 0x53, 0xf5, 0x61, 0x19, 0xf0, 0x86, 0x44, 0xe2, 0x79, 0x4c, 0xba, 0x4a, 0xda, 0xb7, 0xb1, 0x02, 0x21, 0x00,
-    0xaf, 0x51, 0x97, 0x6a, 0x44, 0x4d, 0x43, 0x9e, 0xba, 0x17, 0xb8, 0xa1, 0x63, 0x75, 0x81, 0x53, 0x09, 0x93, 0xf6, 0x18, 0xc2,
-    0x74, 0x18, 0x87, 0xd3, 0xe6, 0xde, 0x47, 0x91, 0xa4, 0xc9, 0xa4,
+    0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x21, 0x00, 0xf0, 0x55, 0x61, 0x3a, 0xcb, 0x11, 0xcb, 0x76, 0xdf, 0x74, 0xc3, 0xe1, 0x72,
+    0xae, 0x63, 0xcb, 0xa0, 0x2f, 0xb3, 0x6c, 0x1e, 0x05, 0x2b, 0x18, 0x24, 0xea, 0x83, 0x66, 0xc6, 0x14, 0x15, 0xda, 0x02, 0x20,
+    0x01, 0x25, 0xaf, 0x3f, 0x74, 0x6f, 0x62, 0x8f, 0x26, 0xeb, 0x6d, 0xfe, 0xc9, 0x48, 0xfe, 0xfa, 0x35, 0xd5, 0xd2, 0xe9, 0x04,
+    0x63, 0xf1, 0xf3, 0x8a, 0xd6, 0xef, 0x90, 0xdb, 0xb6, 0xe6, 0x83,
 };
 
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Long_Cert = ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_Long_Cert_Array);
 
 constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_Long_SKID_Array[] = {
-    0xF6, 0x4C, 0x7B, 0xF1, 0xA8, 0xB6, 0xE0, 0xBA, 0x10, 0x8E, 0xBD, 0xEB, 0x4F, 0xE1, 0xF6, 0x77, 0x7C, 0xC9, 0x2C, 0x29,
+    0xA8, 0x34, 0xCB, 0xEC, 0xFD, 0x6F, 0x47, 0x43, 0x06, 0xE5, 0x7D, 0x90, 0x7E, 0x4C, 0xF4, 0xAD, 0x3F, 0x7D, 0xFC, 0x4F,
 };
 
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Long_SKID = ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_Long_SKID_Array);
@@ -307,18 +904,18 @@ extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Long_SKID = ByteSpan(sTes
 // ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Long-Key.pem
 
 constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_Long_PublicKey_Array[] = {
-    0x04, 0x43, 0x28, 0xfb, 0xb8, 0x71, 0x42, 0x8c, 0x35, 0xe2, 0x24, 0xb3, 0x7f, 0x9e, 0x80, 0x64, 0x03,
-    0x5f, 0xb2, 0xcc, 0x72, 0xf8, 0xf1, 0x71, 0x18, 0x53, 0x46, 0xc3, 0x20, 0xe1, 0xa8, 0x85, 0xb5, 0xe4,
-    0x09, 0x09, 0x5e, 0xec, 0x85, 0x5f, 0x7d, 0x52, 0xaf, 0x97, 0xa1, 0xd0, 0x6f, 0x76, 0x71, 0x6c, 0x87,
-    0x36, 0x7e, 0x19, 0x88, 0xce, 0xa1, 0x19, 0xd6, 0xd7, 0xf4, 0x25, 0x2b, 0xc7, 0x2f,
+    0x04, 0x6f, 0xbd, 0x31, 0x13, 0xf1, 0x4e, 0x00, 0xb5, 0x54, 0x1a, 0xe5, 0x26, 0x3a, 0x47, 0xe1, 0x6b,
+    0x19, 0x77, 0x75, 0xe9, 0x12, 0x14, 0xa4, 0x20, 0xf4, 0xd9, 0x7a, 0xed, 0x6b, 0xa4, 0x93, 0x55, 0x1c,
+    0xa5, 0xc0, 0xd6, 0x95, 0xfa, 0x3e, 0xb9, 0x08, 0xf1, 0x32, 0x9a, 0x54, 0xbb, 0x9d, 0x5d, 0xe5, 0x97,
+    0x4c, 0xfa, 0xa8, 0xc5, 0xf0, 0xc5, 0xc4, 0x30, 0x8c, 0xae, 0x1a, 0xc6, 0xe1, 0x77,
 };
 
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Long_PublicKey =
     ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_Long_PublicKey_Array);
 
 constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_Long_PrivateKey_Array[] = {
-    0xd1, 0x54, 0x99, 0xa7, 0xd6, 0xde, 0x38, 0x53, 0x86, 0x9d, 0xe6, 0xa4, 0x6c, 0x4b, 0x52, 0xd1,
-    0x3b, 0x73, 0x59, 0x16, 0xd4, 0xaa, 0xbd, 0x50, 0x26, 0xaa, 0xad, 0x1e, 0x72, 0x79, 0x66, 0xeb,
+    0xa1, 0x04, 0xed, 0x38, 0xd7, 0xa7, 0x7d, 0xfb, 0x87, 0x24, 0x89, 0xb5, 0xf3, 0x35, 0x51, 0xe6,
+    0x5e, 0x7e, 0x68, 0x36, 0x04, 0x33, 0x4e, 0x7b, 0x6e, 0x9a, 0xa7, 0xe4, 0x8b, 0x94, 0xbf, 0xf7,
 };
 
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Long_PrivateKey =
@@ -327,38 +924,40 @@ extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Long_PrivateKey =
 // ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Wrong-Prefix-Cert.pem
 
 constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_Wrong_Prefix_Cert_Array[] = {
-    0x30, 0x82, 0x02, 0x05, 0x30, 0x82, 0x01, 0xab, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x70, 0x06, 0x08, 0xaa, 0xa1, 0xd7,
-    0xad, 0x6d, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x46, 0x31, 0x18, 0x30, 0x16, 0x06,
+    0x30, 0x82, 0x02, 0x27, 0x30, 0x82, 0x01, 0xcc, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x6f, 0xd7, 0xff, 0x0b, 0xd5, 0xa4,
+    0x98, 0x3f, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x46, 0x31, 0x18, 0x30, 0x16, 0x06,
     0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x49,
     0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46,
     0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30,
     0x30, 0x30, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x36, 0x32, 0x38, 0x31, 0x34, 0x32, 0x33, 0x34, 0x33, 0x5a, 0x18, 0x0f,
-    0x39, 0x39, 0x39, 0x39, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x3b, 0x31, 0x0d, 0x30, 0x0b,
-    0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x04, 0x4c, 0x6f, 0x6e, 0x67, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04,
-    0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46, 0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01,
-    0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
-    0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xfc, 0xcd,
-    0xc8, 0x29, 0xba, 0x62, 0x37, 0x7c, 0xc6, 0xc7, 0xb3, 0x6e, 0xa7, 0xc1, 0xaf, 0x76, 0xcd, 0x15, 0xc3, 0x28, 0xbc, 0x4b, 0x6e,
-    0x8d, 0x07, 0x78, 0xba, 0x59, 0x7f, 0xbb, 0xf3, 0x0a, 0xe7, 0x12, 0xb6, 0x57, 0xd2, 0xf9, 0xf2, 0xb9, 0x15, 0xf8, 0x23, 0x4c,
-    0x87, 0xe2, 0xa3, 0x3b, 0xf5, 0xe7, 0x59, 0x76, 0xe0, 0x4e, 0x6a, 0xd0, 0x3d, 0x85, 0x0b, 0xd1, 0x64, 0x39, 0xf3, 0xcf, 0xa3,
-    0x81, 0x8b, 0x30, 0x81, 0x88, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0e,
-    0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x07, 0x80, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
-    0x04, 0x16, 0x04, 0x14, 0x07, 0x30, 0x1c, 0xef, 0x8b, 0x9e, 0x44, 0x26, 0xd2, 0xe4, 0x6e, 0xc6, 0xfa, 0x3a, 0xd3, 0xb7, 0x44,
-    0x1d, 0xef, 0xbd, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xaf, 0x42, 0xb7, 0x09, 0x4d,
-    0xeb, 0xd5, 0x15, 0xec, 0x6e, 0xcf, 0x33, 0xb8, 0x11, 0x15, 0x22, 0x5f, 0x32, 0x52, 0x88, 0x30, 0x28, 0x06, 0x03, 0x55, 0x1d,
-    0x1f, 0x04, 0x21, 0x30, 0x1f, 0x30, 0x1d, 0xa0, 0x1b, 0xa0, 0x19, 0x86, 0x17, 0x77, 0x77, 0x77, 0x2e, 0x65, 0x78, 0x61, 0x6d,
-    0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x70, 0x65, 0x6d, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86,
-    0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x21, 0x00, 0xe6, 0xb8, 0x88, 0x1e, 0xed, 0x0e, 0xa6,
-    0x70, 0x82, 0xc0, 0x60, 0x7e, 0x46, 0xf6, 0xca, 0x84, 0x04, 0x31, 0xab, 0xe0, 0x91, 0xd6, 0x17, 0x5d, 0x81, 0x0c, 0x38, 0xa1,
-    0xe4, 0xf0, 0x45, 0x77, 0x02, 0x20, 0x39, 0x06, 0x5f, 0xbe, 0xf9, 0xfd, 0xa4, 0x1b, 0x37, 0xaf, 0xcb, 0xb1, 0xf6, 0xdf, 0x09,
-    0x0e, 0x1a, 0x44, 0x3b, 0xac, 0x6e, 0x65, 0x2c, 0x3b, 0xda, 0xc1, 0x03, 0xf4, 0xd3, 0xac, 0x4e, 0x76,
+    0x39, 0x39, 0x39, 0x39, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x5c, 0x31, 0x2e, 0x30, 0x2c,
+    0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x25, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x44, 0x41,
+    0x43, 0x20, 0x30, 0x30, 0x30, 0x30, 0x20, 0x43, 0x44, 0x50, 0x20, 0x57, 0x72, 0x6f, 0x6e, 0x67, 0x20, 0x50, 0x72, 0x65, 0x66,
+    0x69, 0x78, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46,
+    0x46, 0x46, 0x31, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04,
+    0x38, 0x30, 0x30, 0x30, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86,
+    0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xde, 0xcc, 0x12, 0xe0, 0xdc, 0x3d, 0x1b, 0x39, 0xa0, 0xff, 0xc6,
+    0x66, 0x85, 0xfd, 0x1a, 0x3d, 0xda, 0xf4, 0xd0, 0x74, 0xe0, 0xb3, 0x6a, 0x53, 0xa8, 0xbd, 0x2c, 0x1c, 0xb3, 0xed, 0xfd, 0xf8,
+    0x7b, 0x71, 0x3c, 0xc4, 0x8e, 0x72, 0x19, 0x75, 0x89, 0xb9, 0x71, 0xdf, 0x5f, 0x59, 0x1e, 0xc8, 0xcd, 0x4e, 0xbe, 0x73, 0xfa,
+    0x4f, 0xdf, 0x70, 0xa2, 0x07, 0x49, 0xc2, 0x84, 0x92, 0xd9, 0x3f, 0xa3, 0x81, 0x8b, 0x30, 0x81, 0x88, 0x30, 0x0c, 0x06, 0x03,
+    0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04,
+    0x04, 0x03, 0x02, 0x07, 0x80, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x58, 0x41, 0x3e, 0xe4, 0xed,
+    0xad, 0x2f, 0x44, 0xa6, 0xcd, 0x06, 0xab, 0xc0, 0x6c, 0xa3, 0x48, 0x5e, 0xe6, 0xc1, 0xf1, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d,
+    0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xaf, 0x42, 0xb7, 0x09, 0x4d, 0xeb, 0xd5, 0x15, 0xec, 0x6e, 0xcf, 0x33, 0xb8, 0x11,
+    0x15, 0x22, 0x5f, 0x32, 0x52, 0x88, 0x30, 0x28, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x21, 0x30, 0x1f, 0x30, 0x1d, 0xa0, 0x1b,
+    0xa0, 0x19, 0x86, 0x17, 0x77, 0x77, 0x77, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63,
+    0x72, 0x6c, 0x2e, 0x70, 0x65, 0x6d, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x49, 0x00,
+    0x30, 0x46, 0x02, 0x21, 0x00, 0xb5, 0x2f, 0x95, 0x53, 0x46, 0x9d, 0x01, 0x38, 0x9b, 0xae, 0xba, 0x0f, 0x85, 0xad, 0x29, 0xac,
+    0x89, 0x9e, 0x8f, 0x14, 0x1a, 0x1d, 0x2d, 0x6c, 0xf7, 0xd3, 0xff, 0x57, 0x5c, 0x05, 0xb9, 0x2b, 0x02, 0x21, 0x00, 0xd7, 0xd5,
+    0xda, 0x5e, 0x8b, 0xeb, 0x36, 0x04, 0x5b, 0x35, 0x12, 0xf8, 0x36, 0x3d, 0xb3, 0xa0, 0xac, 0x8c, 0x1d, 0x14, 0x7c, 0x2d, 0xbb,
+    0x3f, 0x95, 0x58, 0xc9, 0xf5, 0x8b, 0xe5, 0x80, 0x81,
 };
 
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Wrong_Prefix_Cert =
     ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_Wrong_Prefix_Cert_Array);
 
 constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_Wrong_Prefix_SKID_Array[] = {
-    0x07, 0x30, 0x1C, 0xEF, 0x8B, 0x9E, 0x44, 0x26, 0xD2, 0xE4, 0x6E, 0xC6, 0xFA, 0x3A, 0xD3, 0xB7, 0x44, 0x1D, 0xEF, 0xBD,
+    0x58, 0x41, 0x3E, 0xE4, 0xED, 0xAD, 0x2F, 0x44, 0xA6, 0xCD, 0x06, 0xAB, 0xC0, 0x6C, 0xA3, 0x48, 0x5E, 0xE6, 0xC1, 0xF1,
 };
 
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Wrong_Prefix_SKID =
@@ -367,18 +966,18 @@ extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Wrong_Prefix_SKID =
 // ${chip_root}/credentials/test/attestation/Chip-Test-DAC-FFF1-8000-0000-CDP-Wrong-Prefix-Key.pem
 
 constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_Wrong_Prefix_PublicKey_Array[] = {
-    0x04, 0xfc, 0xcd, 0xc8, 0x29, 0xba, 0x62, 0x37, 0x7c, 0xc6, 0xc7, 0xb3, 0x6e, 0xa7, 0xc1, 0xaf, 0x76,
-    0xcd, 0x15, 0xc3, 0x28, 0xbc, 0x4b, 0x6e, 0x8d, 0x07, 0x78, 0xba, 0x59, 0x7f, 0xbb, 0xf3, 0x0a, 0xe7,
-    0x12, 0xb6, 0x57, 0xd2, 0xf9, 0xf2, 0xb9, 0x15, 0xf8, 0x23, 0x4c, 0x87, 0xe2, 0xa3, 0x3b, 0xf5, 0xe7,
-    0x59, 0x76, 0xe0, 0x4e, 0x6a, 0xd0, 0x3d, 0x85, 0x0b, 0xd1, 0x64, 0x39, 0xf3, 0xcf,
+    0x04, 0xde, 0xcc, 0x12, 0xe0, 0xdc, 0x3d, 0x1b, 0x39, 0xa0, 0xff, 0xc6, 0x66, 0x85, 0xfd, 0x1a, 0x3d,
+    0xda, 0xf4, 0xd0, 0x74, 0xe0, 0xb3, 0x6a, 0x53, 0xa8, 0xbd, 0x2c, 0x1c, 0xb3, 0xed, 0xfd, 0xf8, 0x7b,
+    0x71, 0x3c, 0xc4, 0x8e, 0x72, 0x19, 0x75, 0x89, 0xb9, 0x71, 0xdf, 0x5f, 0x59, 0x1e, 0xc8, 0xcd, 0x4e,
+    0xbe, 0x73, 0xfa, 0x4f, 0xdf, 0x70, 0xa2, 0x07, 0x49, 0xc2, 0x84, 0x92, 0xd9, 0x3f,
 };
 
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Wrong_Prefix_PublicKey =
     ByteSpan(sTestCert_DAC_FFF1_8000_0000_CDP_Wrong_Prefix_PublicKey_Array);
 
 constexpr uint8_t sTestCert_DAC_FFF1_8000_0000_CDP_Wrong_Prefix_PrivateKey_Array[] = {
-    0xa5, 0x1d, 0xcd, 0xfc, 0xd9, 0x55, 0xdb, 0x87, 0x24, 0x35, 0x6c, 0x87, 0x12, 0x1a, 0x90, 0xbd,
-    0x13, 0x18, 0x53, 0x78, 0xa7, 0xa9, 0x8c, 0x71, 0xf4, 0x70, 0x44, 0xa2, 0xa6, 0xdb, 0xeb, 0xdb,
+    0xcb, 0xcb, 0x67, 0xd2, 0x7b, 0xbb, 0xce, 0xbe, 0x74, 0x17, 0xc3, 0xe5, 0xae, 0xbe, 0x10, 0xb3,
+    0xc6, 0x12, 0x00, 0x4e, 0x08, 0x85, 0xee, 0x3e, 0x60, 0x3d, 0xe2, 0xdc, 0xb7, 0x9e, 0xce, 0xca,
 };
 
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Wrong_Prefix_PrivateKey =
diff --git a/src/credentials/tests/CHIPAttCert_test_vectors.h b/src/credentials/tests/CHIPAttCert_test_vectors.h
index 1e59b5321cf19d..936cf00bddcd3d 100644
--- a/src/credentials/tests/CHIPAttCert_test_vectors.h
+++ b/src/credentials/tests/CHIPAttCert_test_vectors.h
@@ -28,6 +28,26 @@ extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_SKID;
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_PublicKey;
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_PrivateKey;
 
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAA_FFF1_Cert;
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAA_FFF1_SKID;
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAA_FFF1_PublicKey;
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAA_FFF1_PrivateKey;
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAI_FFF2_8004_Cert;
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAI_FFF2_8004_SKID;
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAI_FFF2_8004_PublicKey;
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAI_FFF2_8004_PrivateKey;
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_2CRLIssuers_PAA_FFF1_Cert;
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_2CRLIssuers_PAA_FFF1_SKID;
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_2CRLIssuers_PAA_FFF1_PublicKey;
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_2CRLIssuers_PAA_FFF1_PrivateKey;
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_2DPs_Cert;
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_2DPs_SKID;
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_2DPs_PublicKey;
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_2DPs_PrivateKey;
+
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_2URIs_Cert;
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_2URIs_SKID;
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_2URIs_PublicKey;
@@ -38,11 +58,36 @@ extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_SKID;
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_PublicKey;
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_PrivateKey;
 
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_CRL_Issuer_PAA_FFF1_2DPs_Cert;
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_CRL_Issuer_PAA_FFF1_2DPs_SKID;
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_CRL_Issuer_PAA_FFF1_2DPs_PublicKey;
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_CRL_Issuer_PAA_FFF1_2DPs_PrivateKey;
+
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_HTTPS_Cert;
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_HTTPS_SKID;
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_HTTPS_PublicKey;
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_HTTPS_PrivateKey;
 
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_FFF1_Cert;
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_FFF1_SKID;
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_FFF1_PublicKey;
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_FFF1_PrivateKey;
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_NoVID_Cert;
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_NoVID_SKID;
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_NoVID_PublicKey;
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_NoVID_PrivateKey;
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_Cert;
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_SKID;
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_PublicKey;
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_PrivateKey;
+
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_Long_Cert;
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_Long_SKID;
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_Long_PublicKey;
+extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_Long_PrivateKey;
+
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Long_Cert;
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Long_SKID;
 extern const ByteSpan sTestCert_DAC_FFF1_8000_0000_CDP_Long_PublicKey;
diff --git a/src/crypto/CHIPCryptoPAL.h b/src/crypto/CHIPCryptoPAL.h
index 1ad60b4c68d61a..88abc189b5b06f 100644
--- a/src/crypto/CHIPCryptoPAL.h
+++ b/src/crypto/CHIPCryptoPAL.h
@@ -1582,6 +1582,16 @@ CHIP_ERROR ExtractAKIDFromX509Cert(const ByteSpan & certificate, MutableByteSpan
  **/
 CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert(const ByteSpan & certificate, MutableCharSpan & cdpurl);
 
+/**
+ * @brief Extracts the CRL Distribution Point (CDP) extension's cRLIssuer Name from an X509 ASN.1 Encoded Certificate.
+ *        The value is copied into buffer in a raw ASN.1 X.509 format. This format should be directly comparable
+ *        with the result of ExtractSubjectFromX509Cert().
+ *
+ * @returns CHIP_ERROR_NOT_FOUND if not found or wrong format.
+ *          CHIP_NO_ERROR otherwise.
+ **/
+CHIP_ERROR ExtractCDPExtensionCRLIssuerFromX509Cert(const ByteSpan & certificate, MutableByteSpan & crlIssuer);
+
 /**
  * @brief Extracts Serial Number from X509 Certificate.
  **/
diff --git a/src/crypto/CHIPCryptoPALOpenSSL.cpp b/src/crypto/CHIPCryptoPALOpenSSL.cpp
index 741603e0829d5f..317c2c9eeefda4 100644
--- a/src/crypto/CHIPCryptoPALOpenSSL.cpp
+++ b/src/crypto/CHIPCryptoPALOpenSSL.cpp
@@ -1990,7 +1990,7 @@ CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert(const ByteSpan & certifica
     x509certificate = d2i_X509(nullptr, ppCertificate, static_cast<long>(certificate.size()));
     VerifyOrExit(x509certificate != nullptr, err = CHIP_ERROR_NO_MEMORY);
 
-    // CRL Distribution Point Extension is encoded as a secuense of DistributionPoint:
+    // CRL Distribution Point Extension is encoded as a sequence of DistributionPoint:
     //     CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
     //
     // This implementation only supports a single DistributionPoint (sequence of size 1)
@@ -2052,6 +2052,79 @@ CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert(const ByteSpan & certifica
     return err;
 }
 
+CHIP_ERROR ExtractCDPExtensionCRLIssuerFromX509Cert(const ByteSpan & certificate, MutableByteSpan & crlIssuer)
+{
+    CHIP_ERROR err                       = CHIP_NO_ERROR;
+    int result                           = 1;
+    X509 * x509certificate               = nullptr;
+    const unsigned char * pCertificate   = certificate.data();
+    const unsigned char ** ppCertificate = &pCertificate;
+    STACK_OF(DIST_POINT) * crldp         = nullptr;
+    DIST_POINT * dp                      = nullptr;
+    GENERAL_NAMES * gens                 = nullptr;
+    GENERAL_NAME * gen                   = nullptr;
+    X509_NAME * dirName                  = nullptr;
+    const uint8_t * pDirName             = nullptr;
+    size_t dirNameLen                    = 0;
+
+    VerifyOrReturnError(!certificate.empty() && CanCastTo<long>(certificate.size()), CHIP_ERROR_INVALID_ARGUMENT);
+
+    x509certificate = d2i_X509(nullptr, ppCertificate, static_cast<long>(certificate.size()));
+    VerifyOrExit(x509certificate != nullptr, err = CHIP_ERROR_NO_MEMORY);
+
+    // CRL Distribution Point Extension is encoded as a sequence of DistributionPoint:
+    //     CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
+    //
+    // This implementation only supports a single DistributionPoint (sequence of size 1)
+    crldp =
+        reinterpret_cast<STACK_OF(DIST_POINT) *>(X509_get_ext_d2i(x509certificate, NID_crl_distribution_points, nullptr, nullptr));
+    VerifyOrExit(crldp != nullptr, err = CHIP_ERROR_NOT_FOUND);
+    VerifyOrExit(sk_DIST_POINT_num(crldp) == 1, err = CHIP_ERROR_NOT_FOUND);
+
+    dp = sk_DIST_POINT_value(crldp, 0);
+    VerifyOrExit(dp != nullptr, err = CHIP_ERROR_NOT_FOUND);
+
+    // The DistributionPoint is a sequence of three optional elements:
+    //     DistributionPoint ::= SEQUENCE {
+    //         distributionPoint       [0]     DistributionPointName OPTIONAL,
+    //         reasons                 [1]     ReasonFlags OPTIONAL,
+    //         cRLIssuer               [2]     GeneralNames OPTIONAL }
+    //
+    // the cRLIssuer is encoded as a GeneralNames, where:
+    //     GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+    // This implementation only supports a single GeneralName element in the cRLIssuer sequence:
+    gens = dp->CRLissuer;
+    VerifyOrExit(sk_GENERAL_NAME_num(gens) == 1, err = CHIP_ERROR_NOT_FOUND);
+
+    // In this implementation the cRLIssuer is expected to be encoded as a directoryName field of the GeneralName:
+    //     GeneralName ::= CHOICE {
+    //         otherName                       [0]     OtherName,
+    //         rfc822Name                      [1]     IA5String,
+    //         dNSName                         [2]     IA5String,
+    //         x400Address                     [3]     ORAddress,
+    //         directoryName                   [4]     Name,
+    //         ediPartyName                    [5]     EDIPartyName,
+    //         uniformResourceIdentifier       [6]     IA5String,
+    //         iPAddress                       [7]     OCTET STRING,
+    //         registeredID                    [8]     OBJECT IDENTIFIER }
+    gen = sk_GENERAL_NAME_value(gens, 0);
+    VerifyOrExit(gen->type == GEN_DIRNAME, err = CHIP_ERROR_NOT_FOUND);
+
+    dirName = reinterpret_cast<X509_NAME *>(GENERAL_NAME_get0_value(gen, nullptr));
+    VerifyOrExit(dirName != nullptr, err = CHIP_ERROR_NOT_FOUND);
+
+    // Extract directoryName as a raw DER Encoded data
+    result = X509_NAME_get0_der(dirName, &pDirName, &dirNameLen);
+    VerifyOrExit(result == 1, err = CHIP_ERROR_INTERNAL);
+    err = CopySpanToMutableSpan(ByteSpan(pDirName, dirNameLen), crlIssuer);
+
+exit:
+    sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
+    X509_free(x509certificate);
+
+    return err;
+}
+
 CHIP_ERROR ExtractSerialNumberFromX509Cert(const ByteSpan & certificate, MutableByteSpan & serialNumber)
 {
     CHIP_ERROR err                        = CHIP_NO_ERROR;
@@ -2112,10 +2185,7 @@ CHIP_ERROR ExtractRawDNFromX509Cert(bool extractSubject, const ByteSpan & certif
 
     result = X509_NAME_get0_der(distinguishedName, &pDistinguishedName, &distinguishedNameLen);
     VerifyOrExit(result == 1, err = CHIP_ERROR_INTERNAL);
-    VerifyOrExit(distinguishedNameLen <= dn.size(), err = CHIP_ERROR_BUFFER_TOO_SMALL);
-
-    memcpy(dn.data(), pDistinguishedName, distinguishedNameLen);
-    dn.reduce_size(distinguishedNameLen);
+    err = CopySpanToMutableSpan(ByteSpan(pDistinguishedName, distinguishedNameLen), dn);
 
 exit:
     X509_free(x509certificate);
diff --git a/src/crypto/CHIPCryptoPALPSA.cpp b/src/crypto/CHIPCryptoPALPSA.cpp
index d1afbf1dbb05e3..5f21030eb69a72 100644
--- a/src/crypto/CHIPCryptoPALPSA.cpp
+++ b/src/crypto/CHIPCryptoPALPSA.cpp
@@ -1734,7 +1734,7 @@ CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert(const ByteSpan & certifica
             cdpExtCount++;
             VerifyOrExit(cdpExtCount <= 1, error = CHIP_ERROR_NOT_FOUND);
 
-            // CRL Distribution Point Extension is encoded as a secuense of DistributionPoint:
+            // CRL Distribution Point Extension is encoded as a sequence of DistributionPoint:
             //     CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
             //
             // This implementation only supports a single DistributionPoint (sequence of size 1),
@@ -1765,6 +1765,8 @@ CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert(const ByteSpan & certifica
             result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED);
             VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
 
+            unsigned char * end_of_general_names = p + len;
+
             // The CDP URI is encoded as a uniformResourceIdentifier field of the GeneralName:
             //     GeneralName ::= CHOICE {
             //         otherName                       [0]     OtherName,
@@ -1780,6 +1782,9 @@ CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert(const ByteSpan & certifica
                 mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER);
             VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
 
+            // Only single URI instance in the GeneralNames is supported
+            VerifyOrExit(p + len == end_of_general_names, error = CHIP_ERROR_NOT_FOUND);
+
             const char * urlptr = reinterpret_cast<const char *>(p);
             VerifyOrExit((len > strlen(kValidCDPURIHttpPrefix) &&
                           strncmp(urlptr, kValidCDPURIHttpPrefix, strlen(kValidCDPURIHttpPrefix)) == 0) ||
@@ -1807,6 +1812,122 @@ CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert(const ByteSpan & certifica
     return error;
 }
 
+CHIP_ERROR ExtractCDPExtensionCRLIssuerFromX509Cert(const ByteSpan & certificate, MutableByteSpan & crlIssuer)
+{
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    CHIP_ERROR error = CHIP_ERROR_NOT_FOUND;
+    mbedtls_x509_crt mbed_cert;
+    unsigned char * p         = nullptr;
+    const unsigned char * end = nullptr;
+    size_t len                = 0;
+    size_t cdpExtCount        = 0;
+
+    VerifyOrReturnError(!certificate.empty() && CanCastTo<long>(certificate.size()), CHIP_ERROR_INVALID_ARGUMENT);
+
+    mbedtls_x509_crt_init(&mbed_cert);
+
+    int result = mbedtls_x509_crt_parse(&mbed_cert, Uint8::to_const_uchar(certificate.data()), certificate.size());
+    VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL);
+
+    p   = mbed_cert.CHIP_CRYPTO_PAL_PRIVATE_X509(v3_ext).CHIP_CRYPTO_PAL_PRIVATE_X509(p);
+    end = mbed_cert.CHIP_CRYPTO_PAL_PRIVATE_X509(v3_ext).CHIP_CRYPTO_PAL_PRIVATE_X509(p) +
+        mbed_cert.CHIP_CRYPTO_PAL_PRIVATE_X509(v3_ext).CHIP_CRYPTO_PAL_PRIVATE_X509(len);
+    result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+    VerifyOrExit(result == 0, error = CHIP_ERROR_WRONG_CERT_TYPE);
+
+    while (p < end)
+    {
+        result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+        VerifyOrExit(result == 0, error = CHIP_ERROR_WRONG_CERT_TYPE);
+        result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OID);
+        VerifyOrExit(result == 0, error = CHIP_ERROR_WRONG_CERT_TYPE);
+
+        mbedtls_x509_buf extOID = { MBEDTLS_ASN1_OID, len, p };
+        bool isCurrentExtCDP    = OID_CMP(sOID_Extension_CRLDistributionPoint, extOID);
+        p += len;
+
+        int is_critical = 0;
+        result          = mbedtls_asn1_get_bool(&p, end, &is_critical);
+        VerifyOrExit(result == 0 || result == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG, error = CHIP_ERROR_WRONG_CERT_TYPE);
+
+        result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
+        VerifyOrExit(result == 0, error = CHIP_ERROR_WRONG_CERT_TYPE);
+
+        unsigned char * end_of_ext = p + len;
+
+        if (isCurrentExtCDP)
+        {
+            // Only one CRL Distribution Point Extension is allowed.
+            cdpExtCount++;
+            VerifyOrExit(cdpExtCount <= 1, error = CHIP_ERROR_NOT_FOUND);
+
+            // CRL Distribution Point Extension is encoded as a sequence of DistributionPoint:
+            //     CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
+            //
+            // This implementation only supports a single DistributionPoint (sequence of size 1),
+            // which is verified by comparing (p + len == end_of_ext)
+            result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+            VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
+            VerifyOrExit(p + len == end_of_ext, error = CHIP_ERROR_NOT_FOUND);
+
+            // The DistributionPoint is a sequence of three optional elements:
+            //     DistributionPoint ::= SEQUENCE {
+            //         distributionPoint       [0]     DistributionPointName OPTIONAL,
+            //         reasons                 [1]     ReasonFlags OPTIONAL,
+            //         cRLIssuer               [2]     GeneralNames OPTIONAL }
+            result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+            VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
+            VerifyOrExit(p + len == end_of_ext, error = CHIP_ERROR_NOT_FOUND);
+
+            // If distributionPoint element presents, ignore it
+            result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0);
+            if (result == 0)
+            {
+                p += len;
+                VerifyOrExit(p < end_of_ext, error = CHIP_ERROR_NOT_FOUND);
+            }
+
+            // Check if cRLIssuer element present
+            result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 2);
+            VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
+
+            // The CRL Issuer is encoded as a directoryName field of the GeneralName:
+            //     GeneralName ::= CHOICE {
+            //         otherName                       [0]     OtherName,
+            //         rfc822Name                      [1]     IA5String,
+            //         dNSName                         [2]     IA5String,
+            //         x400Address                     [3]     ORAddress,
+            //         directoryName                   [4]     Name,
+            //         ediPartyName                    [5]     EDIPartyName,
+            //         uniformResourceIdentifier       [6]     IA5String,
+            //         iPAddress                       [7]     OCTET STRING,
+            //         registeredID                    [8]     OBJECT IDENTIFIER }
+            result = mbedtls_asn1_get_tag(
+                &p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_X509_SAN_DIRECTORY_NAME);
+            VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
+            VerifyOrExit(p + len == end_of_ext, error = CHIP_ERROR_NOT_FOUND);
+
+            error = CopySpanToMutableSpan(ByteSpan(p, len), crlIssuer);
+            SuccessOrExit(error);
+        }
+        p = end_of_ext;
+    }
+
+    VerifyOrExit(cdpExtCount == 1, error = CHIP_ERROR_NOT_FOUND);
+
+exit:
+    logMbedTLSError(result);
+    mbedtls_x509_crt_free(&mbed_cert);
+
+#else
+    (void) certificate;
+    (void) crlIssuer;
+    CHIP_ERROR error = CHIP_ERROR_NOT_IMPLEMENTED;
+#endif // defined(MBEDTLS_X509_CRT_PARSE_C)
+
+    return error;
+}
+
 CHIP_ERROR ExtractSerialNumberFromX509Cert(const ByteSpan & certificate, MutableByteSpan & serialNumber)
 {
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
diff --git a/src/crypto/CHIPCryptoPALmbedTLS.cpp b/src/crypto/CHIPCryptoPALmbedTLS.cpp
index 195bd56cf745a2..c903d984f57e08 100644
--- a/src/crypto/CHIPCryptoPALmbedTLS.cpp
+++ b/src/crypto/CHIPCryptoPALmbedTLS.cpp
@@ -1826,7 +1826,7 @@ CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert(const ByteSpan & certifica
             cdpExtCount++;
             VerifyOrExit(cdpExtCount <= 1, error = CHIP_ERROR_NOT_FOUND);
 
-            // CRL Distribution Point Extension is encoded as a secuense of DistributionPoint:
+            // CRL Distribution Point Extension is encoded as a sequence of DistributionPoint:
             //     CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
             //
             // This implementation only supports a single DistributionPoint (sequence of size 1),
@@ -1857,6 +1857,8 @@ CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert(const ByteSpan & certifica
             result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED);
             VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
 
+            unsigned char * end_of_general_names = p + len;
+
             // The CDP URI is encoded as a uniformResourceIdentifier field of the GeneralName:
             //     GeneralName ::= CHOICE {
             //         otherName                       [0]     OtherName,
@@ -1872,6 +1874,9 @@ CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert(const ByteSpan & certifica
                 mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER);
             VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
 
+            // Only single URI instance in the GeneralNames is supported
+            VerifyOrExit(p + len == end_of_general_names, error = CHIP_ERROR_NOT_FOUND);
+
             const char * urlptr = reinterpret_cast<const char *>(p);
             VerifyOrExit((len > strlen(kValidCDPURIHttpPrefix) &&
                           strncmp(urlptr, kValidCDPURIHttpPrefix, strlen(kValidCDPURIHttpPrefix)) == 0) ||
@@ -1899,6 +1904,122 @@ CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert(const ByteSpan & certifica
     return error;
 }
 
+CHIP_ERROR ExtractCDPExtensionCRLIssuerFromX509Cert(const ByteSpan & certificate, MutableByteSpan & crlIssuer)
+{
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    CHIP_ERROR error = CHIP_ERROR_NOT_FOUND;
+    mbedtls_x509_crt mbed_cert;
+    unsigned char * p         = nullptr;
+    const unsigned char * end = nullptr;
+    size_t len                = 0;
+    size_t cdpExtCount        = 0;
+
+    VerifyOrReturnError(!certificate.empty() && CanCastTo<long>(certificate.size()), CHIP_ERROR_INVALID_ARGUMENT);
+
+    mbedtls_x509_crt_init(&mbed_cert);
+
+    int result = mbedtls_x509_crt_parse(&mbed_cert, Uint8::to_const_uchar(certificate.data()), certificate.size());
+    VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL);
+
+    p   = mbed_cert.CHIP_CRYPTO_PAL_PRIVATE_X509(v3_ext).CHIP_CRYPTO_PAL_PRIVATE_X509(p);
+    end = mbed_cert.CHIP_CRYPTO_PAL_PRIVATE_X509(v3_ext).CHIP_CRYPTO_PAL_PRIVATE_X509(p) +
+        mbed_cert.CHIP_CRYPTO_PAL_PRIVATE_X509(v3_ext).CHIP_CRYPTO_PAL_PRIVATE_X509(len);
+    result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+    VerifyOrExit(result == 0, error = CHIP_ERROR_WRONG_CERT_TYPE);
+
+    while (p < end)
+    {
+        result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+        VerifyOrExit(result == 0, error = CHIP_ERROR_WRONG_CERT_TYPE);
+        result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OID);
+        VerifyOrExit(result == 0, error = CHIP_ERROR_WRONG_CERT_TYPE);
+
+        mbedtls_x509_buf extOID = { MBEDTLS_ASN1_OID, len, p };
+        bool isCurrentExtCDP    = OID_CMP(sOID_Extension_CRLDistributionPoint, extOID);
+        p += len;
+
+        int is_critical = 0;
+        result          = mbedtls_asn1_get_bool(&p, end, &is_critical);
+        VerifyOrExit(result == 0 || result == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG, error = CHIP_ERROR_WRONG_CERT_TYPE);
+
+        result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
+        VerifyOrExit(result == 0, error = CHIP_ERROR_WRONG_CERT_TYPE);
+
+        unsigned char * end_of_ext = p + len;
+
+        if (isCurrentExtCDP)
+        {
+            // Only one CRL Distribution Point Extension is allowed.
+            cdpExtCount++;
+            VerifyOrExit(cdpExtCount <= 1, error = CHIP_ERROR_NOT_FOUND);
+
+            // CRL Distribution Point Extension is encoded as a sequence of DistributionPoint:
+            //     CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
+            //
+            // This implementation only supports a single DistributionPoint (sequence of size 1),
+            // which is verified by comparing (p + len == end_of_ext)
+            result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+            VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
+            VerifyOrExit(p + len == end_of_ext, error = CHIP_ERROR_NOT_FOUND);
+
+            // The DistributionPoint is a sequence of three optional elements:
+            //     DistributionPoint ::= SEQUENCE {
+            //         distributionPoint       [0]     DistributionPointName OPTIONAL,
+            //         reasons                 [1]     ReasonFlags OPTIONAL,
+            //         cRLIssuer               [2]     GeneralNames OPTIONAL }
+            result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+            VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
+            VerifyOrExit(p + len == end_of_ext, error = CHIP_ERROR_NOT_FOUND);
+
+            // If distributionPoint element presents, ignore it
+            result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0);
+            if (result == 0)
+            {
+                p += len;
+                VerifyOrExit(p < end_of_ext, error = CHIP_ERROR_NOT_FOUND);
+            }
+
+            // Check if cRLIssuer element present
+            result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 2);
+            VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
+
+            // The CRL Issuer is encoded as a directoryName field of the GeneralName:
+            //     GeneralName ::= CHOICE {
+            //         otherName                       [0]     OtherName,
+            //         rfc822Name                      [1]     IA5String,
+            //         dNSName                         [2]     IA5String,
+            //         x400Address                     [3]     ORAddress,
+            //         directoryName                   [4]     Name,
+            //         ediPartyName                    [5]     EDIPartyName,
+            //         uniformResourceIdentifier       [6]     IA5String,
+            //         iPAddress                       [7]     OCTET STRING,
+            //         registeredID                    [8]     OBJECT IDENTIFIER }
+            result = mbedtls_asn1_get_tag(
+                &p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_X509_SAN_DIRECTORY_NAME);
+            VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
+            VerifyOrExit(p + len == end_of_ext, error = CHIP_ERROR_NOT_FOUND);
+
+            error = CopySpanToMutableSpan(ByteSpan(p, len), crlIssuer);
+            SuccessOrExit(error);
+        }
+        p = end_of_ext;
+    }
+
+    VerifyOrExit(cdpExtCount == 1, error = CHIP_ERROR_NOT_FOUND);
+
+exit:
+    _log_mbedTLS_error(result);
+    mbedtls_x509_crt_free(&mbed_cert);
+
+#else
+    (void) certificate;
+    (void) crlIssuer;
+    CHIP_ERROR error = CHIP_ERROR_NOT_IMPLEMENTED;
+#endif // defined(MBEDTLS_X509_CRT_PARSE_C)
+
+    return error;
+}
+
 CHIP_ERROR ExtractSerialNumberFromX509Cert(const ByteSpan & certificate, MutableByteSpan & serialNumber)
 {
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
diff --git a/src/crypto/tests/CHIPCryptoPALTest.cpp b/src/crypto/tests/CHIPCryptoPALTest.cpp
index 9eb01b6723dabb..bcf858d8b53e10 100644
--- a/src/crypto/tests/CHIPCryptoPALTest.cpp
+++ b/src/crypto/tests/CHIPCryptoPALTest.cpp
@@ -2122,21 +2122,32 @@ static void TestCDPExtension_x509Extraction(nlTestSuite * inSuite, void * inCont
 
     constexpr const char * exampleHttpURI  = "http://example.com/crl.pem";
     constexpr const char * exampleHttpsURI = "https://example.com/crl.pem";
+    CharSpan httpSpan                      = CharSpan::fromCharString(exampleHttpURI);
+    CharSpan httpsSpan                     = CharSpan::fromCharString(exampleHttpsURI);
 
     // clang-format off
     static CDPTestCase sCDPTestCases[] = {
-        // Cert                                                Expected Error               Expected Output
-        // ===============================================================================================
-        {  ByteSpan(),                                         CHIP_ERROR_INVALID_ARGUMENT, CharSpan() },
-        {  sTestCert_PAA_FFF1_Cert,                            CHIP_ERROR_NOT_FOUND,        CharSpan() },
-        {  sTestCert_PAI_FFF2_8001_Cert,                       CHIP_ERROR_NOT_FOUND,        CharSpan() },
-        {  sTestCert_DAC_FFF2_8003_0019_FB_Cert,               CHIP_ERROR_NOT_FOUND,        CharSpan() },
-        {  sTestCert_DAC_FFF1_8000_0000_CDP_Cert,              CHIP_NO_ERROR,               CharSpan::fromCharString(exampleHttpURI) },
-        {  sTestCert_DAC_FFF1_8000_0000_CDP_HTTPS_Cert,        CHIP_NO_ERROR,               CharSpan::fromCharString(exampleHttpsURI) },
-        {  sTestCert_DAC_FFF1_8000_0000_2CDPs_Cert,            CHIP_ERROR_NOT_FOUND,        CharSpan() },
-        {  sTestCert_DAC_FFF1_8000_0000_CDP_2URIs_Cert,        CHIP_ERROR_NOT_FOUND,        CharSpan() },
-        {  sTestCert_DAC_FFF1_8000_0000_CDP_Wrong_Prefix_Cert, CHIP_ERROR_NOT_FOUND,        CharSpan() },
-        {  sTestCert_DAC_FFF1_8000_0000_CDP_Long_Cert,         CHIP_ERROR_BUFFER_TOO_SMALL, CharSpan() },
+        // Cert                                                             Expected Error               Expected Output
+        // ==============================================================================================================
+        {  ByteSpan(),                                                      CHIP_ERROR_INVALID_ARGUMENT, CharSpan() },
+        {  sTestCert_PAA_FFF1_Cert,                                         CHIP_ERROR_NOT_FOUND,        CharSpan() },
+        {  sTestCert_PAI_FFF2_8001_Cert,                                    CHIP_ERROR_NOT_FOUND,        CharSpan() },
+        {  sTestCert_DAC_FFF2_8003_0019_FB_Cert,                            CHIP_ERROR_NOT_FOUND,        CharSpan() },
+        {  sTestCert_DAC_FFF1_8000_0000_CDP_Cert,                           CHIP_NO_ERROR,               httpSpan   },
+        {  sTestCert_DAC_FFF1_8000_0000_CDP_HTTPS_Cert,                     CHIP_NO_ERROR,               httpsSpan  },
+        {  sTestCert_DAC_FFF1_8000_0000_CDP_2URIs_Cert,                     CHIP_ERROR_NOT_FOUND,        CharSpan() },
+        {  sTestCert_DAC_FFF1_8000_0000_CDP_2DPs_Cert,                      CHIP_ERROR_NOT_FOUND,        CharSpan() },
+        {  sTestCert_DAC_FFF1_8000_0000_2CDPs_Cert,                         CHIP_ERROR_NOT_FOUND,        CharSpan() },
+        {  sTestCert_DAC_FFF1_8000_0000_CDP_Wrong_Prefix_Cert,              CHIP_ERROR_NOT_FOUND,        CharSpan() },
+        {  sTestCert_DAC_FFF1_8000_0000_CDP_Long_Cert,                      CHIP_ERROR_BUFFER_TOO_SMALL, CharSpan() },
+        {  sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAA_FFF1_Cert,         CHIP_ERROR_NOT_FOUND,        CharSpan() },
+        {  sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAI_FFF2_8004_Cert,    CHIP_ERROR_NOT_FOUND,        CharSpan() },
+        {  sTestCert_DAC_FFF1_8000_0000_CDP_CRL_Issuer_PAA_FFF1_2DPs_Cert,  CHIP_ERROR_NOT_FOUND,        CharSpan() },
+        {  sTestCert_DAC_FFF1_8000_0000_CDP_2CRLIssuers_PAA_FFF1_Cert,      CHIP_NO_ERROR,               httpsSpan  },
+        {  sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_FFF1_Cert,           CHIP_NO_ERROR,               httpsSpan  },
+        {  sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_NoVID_Cert,          CHIP_NO_ERROR,               httpsSpan  },
+        {  sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_Cert,      CHIP_NO_ERROR,               httpsSpan  },
+        {  sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_Long_Cert, CHIP_ERROR_BUFFER_TOO_SMALL, CharSpan() },
     };
     // clang-format on
 
@@ -2146,7 +2157,7 @@ static void TestCDPExtension_x509Extraction(nlTestSuite * inSuite, void * inCont
         MutableCharSpan cdp(cdpBuf);
         err = ExtractCRLDistributionPointURIFromX509Cert(testCase.Cert, cdp);
         NL_TEST_ASSERT(inSuite, err == testCase.mExpectedError);
-        if (err == CHIP_NO_ERROR)
+        if (testCase.mExpectedError == CHIP_NO_ERROR)
         {
             NL_TEST_ASSERT(inSuite, cdp.size() == testCase.mExpectedResult.size());
             NL_TEST_ASSERT(inSuite, cdp.data_equal(testCase.mExpectedResult));
@@ -2154,6 +2165,65 @@ static void TestCDPExtension_x509Extraction(nlTestSuite * inSuite, void * inCont
     }
 }
 
+static void TestCDPCRLIssuerExtension_x509Extraction(nlTestSuite * inSuite, void * inContext)
+{
+    using namespace TestCerts;
+
+    HeapChecker heapChecker(inSuite);
+    CHIP_ERROR err = CHIP_NO_ERROR;
+
+    struct CDPTestCase
+    {
+        ByteSpan Cert;
+        CHIP_ERROR mExpectedError;
+        ByteSpan mCRLIssuerCert;
+    };
+
+    // clang-format off
+    static CDPTestCase sCDPTestCases[] = {
+        // Cert                                                             Expected Error               Expected CRL Issuer Cert
+        // =======================================================================================================================
+        {  ByteSpan(),                                                      CHIP_ERROR_INVALID_ARGUMENT, ByteSpan() },
+        {  sTestCert_PAA_FFF1_Cert,                                         CHIP_ERROR_NOT_FOUND,        ByteSpan() },
+        {  sTestCert_PAI_FFF2_8001_Cert,                                    CHIP_ERROR_NOT_FOUND,        ByteSpan() },
+        {  sTestCert_DAC_FFF2_8003_0019_FB_Cert,                            CHIP_ERROR_NOT_FOUND,        ByteSpan() },
+        {  sTestCert_DAC_FFF1_8000_0000_CDP_Cert,                           CHIP_ERROR_NOT_FOUND,        ByteSpan() },
+        {  sTestCert_DAC_FFF1_8000_0000_CDP_HTTPS_Cert,                     CHIP_ERROR_NOT_FOUND,        ByteSpan() },
+        {  sTestCert_DAC_FFF1_8000_0000_CDP_2URIs_Cert,                     CHIP_ERROR_NOT_FOUND,        ByteSpan() },
+        {  sTestCert_DAC_FFF1_8000_0000_CDP_2DPs_Cert,                      CHIP_ERROR_NOT_FOUND,        ByteSpan() },
+        {  sTestCert_DAC_FFF1_8000_0000_2CDPs_Cert,                         CHIP_ERROR_NOT_FOUND,        ByteSpan() },
+        {  sTestCert_DAC_FFF1_8000_0000_CDP_Wrong_Prefix_Cert,              CHIP_ERROR_NOT_FOUND,        ByteSpan() },
+        {  sTestCert_DAC_FFF1_8000_0000_CDP_Long_Cert,                      CHIP_ERROR_NOT_FOUND,        ByteSpan() },
+        {  sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAA_FFF1_Cert,         CHIP_ERROR_NOT_FOUND,        ByteSpan() },
+        {  sTestCert_DAC_FFF1_8000_0000_2CDPs_Issuer_PAI_FFF2_8004_Cert,    CHIP_ERROR_NOT_FOUND,        ByteSpan() },
+        {  sTestCert_DAC_FFF1_8000_0000_CDP_CRL_Issuer_PAA_FFF1_2DPs_Cert,  CHIP_ERROR_NOT_FOUND,        ByteSpan() },
+        {  sTestCert_DAC_FFF1_8000_0000_CDP_2CRLIssuers_PAA_FFF1_Cert,      CHIP_ERROR_NOT_FOUND,        ByteSpan() },
+        {  sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_FFF1_Cert,           CHIP_NO_ERROR,               sTestCert_PAA_FFF1_Cert },
+        {  sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAA_NoVID_Cert,          CHIP_NO_ERROR,               sTestCert_PAA_NoVID_Cert },
+        {  sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_Cert,      CHIP_NO_ERROR,               sTestCert_PAI_FFF2_8004_FB_Cert },
+        {  sTestCert_DAC_FFF1_8000_0000_CDP_Issuer_PAI_FFF2_8004_Long_Cert, CHIP_NO_ERROR,               sTestCert_PAI_FFF2_8004_FB_Cert },
+    };
+    // clang-format on
+
+    for (auto & testCase : sCDPTestCases)
+    {
+        uint8_t crlIssuerBuf[kMaxCertificateDistinguishedNameLength] = { 0 };
+        MutableByteSpan crlIssuer(crlIssuerBuf);
+        err = ExtractCDPExtensionCRLIssuerFromX509Cert(testCase.Cert, crlIssuer);
+        NL_TEST_ASSERT(inSuite, err == testCase.mExpectedError);
+        if (testCase.mExpectedError == CHIP_NO_ERROR)
+        {
+            uint8_t crlIssuerSubjectBuf[kMaxCertificateDistinguishedNameLength] = { 0 };
+            MutableByteSpan crlIssuerSubject(crlIssuerSubjectBuf);
+
+            err = ExtractSubjectFromX509Cert(testCase.mCRLIssuerCert, crlIssuerSubject);
+            NL_TEST_ASSERT(inSuite, err == CHIP_NO_ERROR);
+
+            NL_TEST_ASSERT(inSuite, crlIssuer.data_equal(crlIssuerSubject));
+        }
+    }
+}
+
 static void TestSerialNumber_x509Extraction(nlTestSuite * inSuite, void * inContext)
 {
     using namespace TestCerts;
@@ -2752,6 +2822,7 @@ static const nlTest sTests[] = {
     NL_TEST_DEF("Test Subject Key Id Extraction from x509 Certificate", TestSKID_x509Extraction),
     NL_TEST_DEF("Test Authority Key Id Extraction from x509 Certificate", TestAKID_x509Extraction),
     NL_TEST_DEF("Test CRL Distribution Point Extension Extraction from x509 Certificate", TestCDPExtension_x509Extraction),
+    NL_TEST_DEF("Test CDP Extension CRL Issuer Extraction from x509 Certificate", TestCDPCRLIssuerExtension_x509Extraction),
     NL_TEST_DEF("Test Serial Number Extraction from x509 Certificate", TestSerialNumber_x509Extraction),
     NL_TEST_DEF("Test Subject Extraction from x509 Certificate", TestSubject_x509Extraction),
     NL_TEST_DEF("Test Issuer Extraction from x509 Certificate", TestIssuer_x509Extraction),
diff --git a/src/platform/nxp/common/crypto/CHIPCryptoPALTinyCrypt.cpp b/src/platform/nxp/common/crypto/CHIPCryptoPALTinyCrypt.cpp
index 96973dcf12046d..e53d793f2ee770 100644
--- a/src/platform/nxp/common/crypto/CHIPCryptoPALTinyCrypt.cpp
+++ b/src/platform/nxp/common/crypto/CHIPCryptoPALTinyCrypt.cpp
@@ -1662,7 +1662,7 @@ CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert(const ByteSpan & certifica
             cdpExtCount++;
             VerifyOrExit(cdpExtCount <= 1, error = CHIP_ERROR_NOT_FOUND);
 
-            // CRL Distribution Point Extension is encoded as a secuense of DistributionPoint:
+            // CRL Distribution Point Extension is encoded as a sequence of DistributionPoint:
             //     CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
             //
             // This implementation only supports a single DistributionPoint (sequence of size 1),
@@ -1693,6 +1693,8 @@ CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert(const ByteSpan & certifica
             result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED);
             VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
 
+            unsigned char * end_of_general_names = p + len;
+
             // The CDP URI is encoded as a uniformResourceIdentifier field of the GeneralName:
             //     GeneralName ::= CHOICE {
             //         otherName                       [0]     OtherName,
@@ -1708,6 +1710,9 @@ CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert(const ByteSpan & certifica
                 mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER);
             VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
 
+            // Only single URI instance in the GeneralNames is supported
+            VerifyOrExit(p + len == end_of_general_names, error = CHIP_ERROR_NOT_FOUND);
+
             const char * urlptr = reinterpret_cast<const char *>(p);
             VerifyOrExit((len > strlen(kValidCDPURIHttpPrefix) &&
                           strncmp(urlptr, kValidCDPURIHttpPrefix, strlen(kValidCDPURIHttpPrefix)) == 0) ||
@@ -1735,6 +1740,122 @@ CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert(const ByteSpan & certifica
     return error;
 }
 
+CHIP_ERROR ExtractCDPExtensionCRLIssuerFromX509Cert(const ByteSpan & certificate, MutableByteSpan & crlIssuer)
+{
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    CHIP_ERROR error = CHIP_ERROR_NOT_FOUND;
+    mbedtls_x509_crt mbed_cert;
+    unsigned char * p         = nullptr;
+    const unsigned char * end = nullptr;
+    size_t len                = 0;
+    size_t cdpExtCount        = 0;
+
+    VerifyOrReturnError(!certificate.empty() && CanCastTo<long>(certificate.size()), CHIP_ERROR_INVALID_ARGUMENT);
+
+    mbedtls_x509_crt_init(&mbed_cert);
+
+    int result = mbedtls_x509_crt_parse(&mbed_cert, Uint8::to_const_uchar(certificate.data()), certificate.size());
+    VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL);
+
+    p   = mbed_cert.CHIP_CRYPTO_PAL_PRIVATE_X509(v3_ext).CHIP_CRYPTO_PAL_PRIVATE_X509(p);
+    end = mbed_cert.CHIP_CRYPTO_PAL_PRIVATE_X509(v3_ext).CHIP_CRYPTO_PAL_PRIVATE_X509(p) +
+        mbed_cert.CHIP_CRYPTO_PAL_PRIVATE_X509(v3_ext).CHIP_CRYPTO_PAL_PRIVATE_X509(len);
+    result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+    VerifyOrExit(result == 0, error = CHIP_ERROR_WRONG_CERT_TYPE);
+
+    while (p < end)
+    {
+        result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+        VerifyOrExit(result == 0, error = CHIP_ERROR_WRONG_CERT_TYPE);
+        result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OID);
+        VerifyOrExit(result == 0, error = CHIP_ERROR_WRONG_CERT_TYPE);
+
+        mbedtls_x509_buf extOID = { MBEDTLS_ASN1_OID, len, p };
+        bool isCurrentExtCDP    = OID_CMP(sOID_Extension_CRLDistributionPoint, extOID);
+        p += len;
+
+        int is_critical = 0;
+        result          = mbedtls_asn1_get_bool(&p, end, &is_critical);
+        VerifyOrExit(result == 0 || result == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG, error = CHIP_ERROR_WRONG_CERT_TYPE);
+
+        result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
+        VerifyOrExit(result == 0, error = CHIP_ERROR_WRONG_CERT_TYPE);
+
+        unsigned char * end_of_ext = p + len;
+
+        if (isCurrentExtCDP)
+        {
+            // Only one CRL Distribution Point Extension is allowed.
+            cdpExtCount++;
+            VerifyOrExit(cdpExtCount <= 1, error = CHIP_ERROR_NOT_FOUND);
+
+            // CRL Distribution Point Extension is encoded as a sequence of DistributionPoint:
+            //     CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
+            //
+            // This implementation only supports a single DistributionPoint (sequence of size 1),
+            // which is verified by comparing (p + len == end_of_ext)
+            result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+            VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
+            VerifyOrExit(p + len == end_of_ext, error = CHIP_ERROR_NOT_FOUND);
+
+            // The DistributionPoint is a sequence of three optional elements:
+            //     DistributionPoint ::= SEQUENCE {
+            //         distributionPoint       [0]     DistributionPointName OPTIONAL,
+            //         reasons                 [1]     ReasonFlags OPTIONAL,
+            //         cRLIssuer               [2]     GeneralNames OPTIONAL }
+            result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+            VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
+            VerifyOrExit(p + len == end_of_ext, error = CHIP_ERROR_NOT_FOUND);
+
+            // If distributionPoint element presents, ignore it
+            result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0);
+            if (result == 0)
+            {
+                p += len;
+                VerifyOrExit(p < end_of_ext, error = CHIP_ERROR_NOT_FOUND);
+            }
+
+            // Check if cRLIssuer element present
+            result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 2);
+            VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
+
+            // The CRL Issuer is encoded as a directoryName field of the GeneralName:
+            //     GeneralName ::= CHOICE {
+            //         otherName                       [0]     OtherName,
+            //         rfc822Name                      [1]     IA5String,
+            //         dNSName                         [2]     IA5String,
+            //         x400Address                     [3]     ORAddress,
+            //         directoryName                   [4]     Name,
+            //         ediPartyName                    [5]     EDIPartyName,
+            //         uniformResourceIdentifier       [6]     IA5String,
+            //         iPAddress                       [7]     OCTET STRING,
+            //         registeredID                    [8]     OBJECT IDENTIFIER }
+            result = mbedtls_asn1_get_tag(
+                &p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_X509_SAN_DIRECTORY_NAME);
+            VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
+            VerifyOrExit(p + len == end_of_ext, error = CHIP_ERROR_NOT_FOUND);
+
+            error = CopySpanToMutableSpan(ByteSpan(p, len), crlIssuer);
+            SuccessOrExit(error);
+        }
+        p = end_of_ext;
+    }
+
+    VerifyOrExit(cdpExtCount == 1, error = CHIP_ERROR_NOT_FOUND);
+
+exit:
+    _log_mbedTLS_error(result);
+    mbedtls_x509_crt_free(&mbed_cert);
+
+#else
+    (void) certificate;
+    (void) crlIssuer;
+    CHIP_ERROR error = CHIP_ERROR_NOT_IMPLEMENTED;
+#endif // defined(MBEDTLS_X509_CRT_PARSE_C)
+
+    return error;
+}
+
 CHIP_ERROR ExtractSerialNumberFromX509Cert(const ByteSpan & certificate, MutableByteSpan & serialNumber)
 {
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
diff --git a/src/platform/nxp/k32w/k32w0/crypto/CHIPCryptoPALNXPUltrafastP256.cpp b/src/platform/nxp/k32w/k32w0/crypto/CHIPCryptoPALNXPUltrafastP256.cpp
index b7d49c4fdb2e66..378cbb7e408914 100644
--- a/src/platform/nxp/k32w/k32w0/crypto/CHIPCryptoPALNXPUltrafastP256.cpp
+++ b/src/platform/nxp/k32w/k32w0/crypto/CHIPCryptoPALNXPUltrafastP256.cpp
@@ -1631,7 +1631,7 @@ CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert(const ByteSpan & certifica
             cdpExtCount++;
             VerifyOrExit(cdpExtCount <= 1, error = CHIP_ERROR_NOT_FOUND);
 
-            // CRL Distribution Point Extension is encoded as a secuense of DistributionPoint:
+            // CRL Distribution Point Extension is encoded as a sequence of DistributionPoint:
             //     CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
             //
             // This implementation only supports a single DistributionPoint (sequence of size 1),
@@ -1662,6 +1662,8 @@ CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert(const ByteSpan & certifica
             result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED);
             VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
 
+            unsigned char * end_of_general_names = p + len;
+
             // The CDP URI is encoded as a uniformResourceIdentifier field of the GeneralName:
             //     GeneralName ::= CHOICE {
             //         otherName                       [0]     OtherName,
@@ -1677,6 +1679,9 @@ CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert(const ByteSpan & certifica
                 mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER);
             VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
 
+            // Only single URI instance in the GeneralNames is supported
+            VerifyOrExit(p + len == end_of_general_names, error = CHIP_ERROR_NOT_FOUND);
+
             const char * urlptr = reinterpret_cast<const char *>(p);
             VerifyOrExit((len > strlen(kValidCDPURIHttpPrefix) &&
                           strncmp(urlptr, kValidCDPURIHttpPrefix, strlen(kValidCDPURIHttpPrefix)) == 0) ||
@@ -1704,6 +1709,122 @@ CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert(const ByteSpan & certifica
     return error;
 }
 
+CHIP_ERROR ExtractCDPExtensionCRLIssuerFromX509Cert(const ByteSpan & certificate, MutableByteSpan & crlIssuer)
+{
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    CHIP_ERROR error = CHIP_ERROR_NOT_FOUND;
+    mbedtls_x509_crt mbed_cert;
+    unsigned char * p         = nullptr;
+    const unsigned char * end = nullptr;
+    size_t len                = 0;
+    size_t cdpExtCount        = 0;
+
+    VerifyOrReturnError(!certificate.empty() && CanCastTo<long>(certificate.size()), CHIP_ERROR_INVALID_ARGUMENT);
+
+    mbedtls_x509_crt_init(&mbed_cert);
+
+    int result = mbedtls_x509_crt_parse(&mbed_cert, Uint8::to_const_uchar(certificate.data()), certificate.size());
+    VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL);
+
+    p   = mbed_cert.CHIP_CRYPTO_PAL_PRIVATE_X509(v3_ext).CHIP_CRYPTO_PAL_PRIVATE_X509(p);
+    end = mbed_cert.CHIP_CRYPTO_PAL_PRIVATE_X509(v3_ext).CHIP_CRYPTO_PAL_PRIVATE_X509(p) +
+        mbed_cert.CHIP_CRYPTO_PAL_PRIVATE_X509(v3_ext).CHIP_CRYPTO_PAL_PRIVATE_X509(len);
+    result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+    VerifyOrExit(result == 0, error = CHIP_ERROR_WRONG_CERT_TYPE);
+
+    while (p < end)
+    {
+        result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+        VerifyOrExit(result == 0, error = CHIP_ERROR_WRONG_CERT_TYPE);
+        result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OID);
+        VerifyOrExit(result == 0, error = CHIP_ERROR_WRONG_CERT_TYPE);
+
+        mbedtls_x509_buf extOID = { MBEDTLS_ASN1_OID, len, p };
+        bool isCurrentExtCDP    = OID_CMP(sOID_Extension_CRLDistributionPoint, extOID);
+        p += len;
+
+        int is_critical = 0;
+        result          = mbedtls_asn1_get_bool(&p, end, &is_critical);
+        VerifyOrExit(result == 0 || result == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG, error = CHIP_ERROR_WRONG_CERT_TYPE);
+
+        result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
+        VerifyOrExit(result == 0, error = CHIP_ERROR_WRONG_CERT_TYPE);
+
+        unsigned char * end_of_ext = p + len;
+
+        if (isCurrentExtCDP)
+        {
+            // Only one CRL Distribution Point Extension is allowed.
+            cdpExtCount++;
+            VerifyOrExit(cdpExtCount <= 1, error = CHIP_ERROR_NOT_FOUND);
+
+            // CRL Distribution Point Extension is encoded as a sequence of DistributionPoint:
+            //     CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
+            //
+            // This implementation only supports a single DistributionPoint (sequence of size 1),
+            // which is verified by comparing (p + len == end_of_ext)
+            result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+            VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
+            VerifyOrExit(p + len == end_of_ext, error = CHIP_ERROR_NOT_FOUND);
+
+            // The DistributionPoint is a sequence of three optional elements:
+            //     DistributionPoint ::= SEQUENCE {
+            //         distributionPoint       [0]     DistributionPointName OPTIONAL,
+            //         reasons                 [1]     ReasonFlags OPTIONAL,
+            //         cRLIssuer               [2]     GeneralNames OPTIONAL }
+            result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+            VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
+            VerifyOrExit(p + len == end_of_ext, error = CHIP_ERROR_NOT_FOUND);
+
+            // If distributionPoint element presents, ignore it
+            result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0);
+            if (result == 0)
+            {
+                p += len;
+                VerifyOrExit(p < end_of_ext, error = CHIP_ERROR_NOT_FOUND);
+            }
+
+            // Check if cRLIssuer element present
+            result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 2);
+            VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
+
+            // The CRL Issuer is encoded as a directoryName field of the GeneralName:
+            //     GeneralName ::= CHOICE {
+            //         otherName                       [0]     OtherName,
+            //         rfc822Name                      [1]     IA5String,
+            //         dNSName                         [2]     IA5String,
+            //         x400Address                     [3]     ORAddress,
+            //         directoryName                   [4]     Name,
+            //         ediPartyName                    [5]     EDIPartyName,
+            //         uniformResourceIdentifier       [6]     IA5String,
+            //         iPAddress                       [7]     OCTET STRING,
+            //         registeredID                    [8]     OBJECT IDENTIFIER }
+            result = mbedtls_asn1_get_tag(
+                &p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_X509_SAN_DIRECTORY_NAME);
+            VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
+            VerifyOrExit(p + len == end_of_ext, error = CHIP_ERROR_NOT_FOUND);
+
+            error = CopySpanToMutableSpan(ByteSpan(p, len), crlIssuer);
+            SuccessOrExit(error);
+        }
+        p = end_of_ext;
+    }
+
+    VerifyOrExit(cdpExtCount == 1, error = CHIP_ERROR_NOT_FOUND);
+
+exit:
+    _log_mbedTLS_error(result);
+    mbedtls_x509_crt_free(&mbed_cert);
+
+#else
+    (void) certificate;
+    (void) crlIssuer;
+    CHIP_ERROR error = CHIP_ERROR_NOT_IMPLEMENTED;
+#endif // defined(MBEDTLS_X509_CRT_PARSE_C)
+
+    return error;
+}
+
 CHIP_ERROR ExtractSerialNumberFromX509Cert(const ByteSpan & certificate, MutableByteSpan & serialNumber)
 {
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
diff --git a/src/platform/silabs/SiWx917/CHIPCryptoPALTinyCrypt.cpp b/src/platform/silabs/SiWx917/CHIPCryptoPALTinyCrypt.cpp
index 1bcfbdc59edaa5..15e8abf27ea76d 100644
--- a/src/platform/silabs/SiWx917/CHIPCryptoPALTinyCrypt.cpp
+++ b/src/platform/silabs/SiWx917/CHIPCryptoPALTinyCrypt.cpp
@@ -1662,7 +1662,7 @@ CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert(const ByteSpan & certifica
             cdpExtCount++;
             VerifyOrExit(cdpExtCount <= 1, error = CHIP_ERROR_NOT_FOUND);
 
-            // CRL Distribution Point Extension is encoded as a secuense of DistributionPoint:
+            // CRL Distribution Point Extension is encoded as a sequence of DistributionPoint:
             //     CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
             //
             // This implementation only supports a single DistributionPoint (sequence of size 1),
@@ -1693,6 +1693,8 @@ CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert(const ByteSpan & certifica
             result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED);
             VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
 
+            unsigned char * end_of_general_names = p + len;
+
             // The CDP URI is encoded as a uniformResourceIdentifier field of the GeneralName:
             //     GeneralName ::= CHOICE {
             //         otherName                       [0]     OtherName,
@@ -1708,6 +1710,9 @@ CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert(const ByteSpan & certifica
                 mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER);
             VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
 
+            // Only single URI instance in the GeneralNames is supported
+            VerifyOrExit(p + len == end_of_general_names, error = CHIP_ERROR_NOT_FOUND);
+
             const char * urlptr = reinterpret_cast<const char *>(p);
             VerifyOrExit((len > strlen(kValidCDPURIHttpPrefix) &&
                           strncmp(urlptr, kValidCDPURIHttpPrefix, strlen(kValidCDPURIHttpPrefix)) == 0) ||
@@ -1735,6 +1740,122 @@ CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert(const ByteSpan & certifica
     return error;
 }
 
+CHIP_ERROR ExtractCDPExtensionCRLIssuerFromX509Cert(const ByteSpan & certificate, MutableByteSpan & crlIssuer)
+{
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    CHIP_ERROR error = CHIP_ERROR_NOT_FOUND;
+    mbedtls_x509_crt mbed_cert;
+    unsigned char * p         = nullptr;
+    const unsigned char * end = nullptr;
+    size_t len                = 0;
+    size_t cdpExtCount        = 0;
+
+    VerifyOrReturnError(!certificate.empty() && CanCastTo<long>(certificate.size()), CHIP_ERROR_INVALID_ARGUMENT);
+
+    mbedtls_x509_crt_init(&mbed_cert);
+
+    int result = mbedtls_x509_crt_parse(&mbed_cert, Uint8::to_const_uchar(certificate.data()), certificate.size());
+    VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL);
+
+    p   = mbed_cert.CHIP_CRYPTO_PAL_PRIVATE_X509(v3_ext).CHIP_CRYPTO_PAL_PRIVATE_X509(p);
+    end = mbed_cert.CHIP_CRYPTO_PAL_PRIVATE_X509(v3_ext).CHIP_CRYPTO_PAL_PRIVATE_X509(p) +
+        mbed_cert.CHIP_CRYPTO_PAL_PRIVATE_X509(v3_ext).CHIP_CRYPTO_PAL_PRIVATE_X509(len);
+    result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+    VerifyOrExit(result == 0, error = CHIP_ERROR_WRONG_CERT_TYPE);
+
+    while (p < end)
+    {
+        result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+        VerifyOrExit(result == 0, error = CHIP_ERROR_WRONG_CERT_TYPE);
+        result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OID);
+        VerifyOrExit(result == 0, error = CHIP_ERROR_WRONG_CERT_TYPE);
+
+        mbedtls_x509_buf extOID = { MBEDTLS_ASN1_OID, len, p };
+        bool isCurrentExtCDP    = OID_CMP(sOID_Extension_CRLDistributionPoint, extOID);
+        p += len;
+
+        int is_critical = 0;
+        result          = mbedtls_asn1_get_bool(&p, end, &is_critical);
+        VerifyOrExit(result == 0 || result == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG, error = CHIP_ERROR_WRONG_CERT_TYPE);
+
+        result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
+        VerifyOrExit(result == 0, error = CHIP_ERROR_WRONG_CERT_TYPE);
+
+        unsigned char * end_of_ext = p + len;
+
+        if (isCurrentExtCDP)
+        {
+            // Only one CRL Distribution Point Extension is allowed.
+            cdpExtCount++;
+            VerifyOrExit(cdpExtCount <= 1, error = CHIP_ERROR_NOT_FOUND);
+
+            // CRL Distribution Point Extension is encoded as a sequence of DistributionPoint:
+            //     CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
+            //
+            // This implementation only supports a single DistributionPoint (sequence of size 1),
+            // which is verified by comparing (p + len == end_of_ext)
+            result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+            VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
+            VerifyOrExit(p + len == end_of_ext, error = CHIP_ERROR_NOT_FOUND);
+
+            // The DistributionPoint is a sequence of three optional elements:
+            //     DistributionPoint ::= SEQUENCE {
+            //         distributionPoint       [0]     DistributionPointName OPTIONAL,
+            //         reasons                 [1]     ReasonFlags OPTIONAL,
+            //         cRLIssuer               [2]     GeneralNames OPTIONAL }
+            result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+            VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
+            VerifyOrExit(p + len == end_of_ext, error = CHIP_ERROR_NOT_FOUND);
+
+            // If distributionPoint element presents, ignore it
+            result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0);
+            if (result == 0)
+            {
+                p += len;
+                VerifyOrExit(p < end_of_ext, error = CHIP_ERROR_NOT_FOUND);
+            }
+
+            // Check if cRLIssuer element present
+            result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 2);
+            VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
+
+            // The CRL Issuer is encoded as a directoryName field of the GeneralName:
+            //     GeneralName ::= CHOICE {
+            //         otherName                       [0]     OtherName,
+            //         rfc822Name                      [1]     IA5String,
+            //         dNSName                         [2]     IA5String,
+            //         x400Address                     [3]     ORAddress,
+            //         directoryName                   [4]     Name,
+            //         ediPartyName                    [5]     EDIPartyName,
+            //         uniformResourceIdentifier       [6]     IA5String,
+            //         iPAddress                       [7]     OCTET STRING,
+            //         registeredID                    [8]     OBJECT IDENTIFIER }
+            result = mbedtls_asn1_get_tag(
+                &p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_X509_SAN_DIRECTORY_NAME);
+            VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
+            VerifyOrExit(p + len == end_of_ext, error = CHIP_ERROR_NOT_FOUND);
+
+            error = CopySpanToMutableSpan(ByteSpan(p, len), crlIssuer);
+            SuccessOrExit(error);
+        }
+        p = end_of_ext;
+    }
+
+    VerifyOrExit(cdpExtCount == 1, error = CHIP_ERROR_NOT_FOUND);
+
+exit:
+    _log_mbedTLS_error(result);
+    mbedtls_x509_crt_free(&mbed_cert);
+
+#else
+    (void) certificate;
+    (void) crlIssuer;
+    CHIP_ERROR error = CHIP_ERROR_NOT_IMPLEMENTED;
+#endif // defined(MBEDTLS_X509_CRT_PARSE_C)
+
+    return error;
+}
+
 CHIP_ERROR ExtractSerialNumberFromX509Cert(const ByteSpan & certificate, MutableByteSpan & serialNumber)
 {
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
diff --git a/src/platform/silabs/efr32/CHIPCryptoPALPsaEfr32.cpp b/src/platform/silabs/efr32/CHIPCryptoPALPsaEfr32.cpp
index e0b5906c1a816b..9948017c4d3f94 100644
--- a/src/platform/silabs/efr32/CHIPCryptoPALPsaEfr32.cpp
+++ b/src/platform/silabs/efr32/CHIPCryptoPALPsaEfr32.cpp
@@ -2023,7 +2023,7 @@ CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert(const ByteSpan & certifica
             cdpExtCount++;
             VerifyOrExit(cdpExtCount <= 1, error = CHIP_ERROR_NOT_FOUND);
 
-            // CRL Distribution Point Extension is encoded as a secuense of DistributionPoint:
+            // CRL Distribution Point Extension is encoded as a sequence of DistributionPoint:
             //     CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
             //
             // This implementation only supports a single DistributionPoint (sequence of size 1),
@@ -2054,6 +2054,8 @@ CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert(const ByteSpan & certifica
             result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED);
             VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
 
+            unsigned char * end_of_general_names = p + len;
+
             // The CDP URI is encoded as a uniformResourceIdentifier field of the GeneralName:
             //     GeneralName ::= CHOICE {
             //         otherName                       [0]     OtherName,
@@ -2069,6 +2071,9 @@ CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert(const ByteSpan & certifica
                 mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER);
             VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
 
+            // Only single URI instance in the GeneralNames is supported
+            VerifyOrExit(p + len == end_of_general_names, error = CHIP_ERROR_NOT_FOUND);
+
             const char * urlptr = reinterpret_cast<const char *>(p);
             VerifyOrExit((len > strlen(kValidCDPURIHttpPrefix) &&
                           strncmp(urlptr, kValidCDPURIHttpPrefix, strlen(kValidCDPURIHttpPrefix)) == 0) ||
@@ -2096,6 +2101,122 @@ CHIP_ERROR ExtractCRLDistributionPointURIFromX509Cert(const ByteSpan & certifica
     return error;
 }
 
+CHIP_ERROR ExtractCDPExtensionCRLIssuerFromX509Cert(const ByteSpan & certificate, MutableByteSpan & crlIssuer)
+{
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+    CHIP_ERROR error = CHIP_ERROR_NOT_FOUND;
+    mbedtls_x509_crt mbed_cert;
+    unsigned char * p         = nullptr;
+    const unsigned char * end = nullptr;
+    size_t len                = 0;
+    size_t cdpExtCount        = 0;
+
+    VerifyOrReturnError(!certificate.empty() && CanCastTo<long>(certificate.size()), CHIP_ERROR_INVALID_ARGUMENT);
+
+    mbedtls_x509_crt_init(&mbed_cert);
+
+    int result = mbedtls_x509_crt_parse(&mbed_cert, Uint8::to_const_uchar(certificate.data()), certificate.size());
+    VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL);
+
+    p   = mbed_cert.CHIP_CRYPTO_PAL_PRIVATE_X509(v3_ext).CHIP_CRYPTO_PAL_PRIVATE_X509(p);
+    end = mbed_cert.CHIP_CRYPTO_PAL_PRIVATE_X509(v3_ext).CHIP_CRYPTO_PAL_PRIVATE_X509(p) +
+        mbed_cert.CHIP_CRYPTO_PAL_PRIVATE_X509(v3_ext).CHIP_CRYPTO_PAL_PRIVATE_X509(len);
+    result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+    VerifyOrExit(result == 0, error = CHIP_ERROR_WRONG_CERT_TYPE);
+
+    while (p < end)
+    {
+        result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+        VerifyOrExit(result == 0, error = CHIP_ERROR_WRONG_CERT_TYPE);
+        result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OID);
+        VerifyOrExit(result == 0, error = CHIP_ERROR_WRONG_CERT_TYPE);
+
+        mbedtls_x509_buf extOID = { MBEDTLS_ASN1_OID, len, p };
+        bool isCurrentExtCDP    = OID_CMP(sOID_Extension_CRLDistributionPoint, extOID);
+        p += len;
+
+        int is_critical = 0;
+        result          = mbedtls_asn1_get_bool(&p, end, &is_critical);
+        VerifyOrExit(result == 0 || result == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG, error = CHIP_ERROR_WRONG_CERT_TYPE);
+
+        result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
+        VerifyOrExit(result == 0, error = CHIP_ERROR_WRONG_CERT_TYPE);
+
+        unsigned char * end_of_ext = p + len;
+
+        if (isCurrentExtCDP)
+        {
+            // Only one CRL Distribution Point Extension is allowed.
+            cdpExtCount++;
+            VerifyOrExit(cdpExtCount <= 1, error = CHIP_ERROR_NOT_FOUND);
+
+            // CRL Distribution Point Extension is encoded as a sequence of DistributionPoint:
+            //     CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
+            //
+            // This implementation only supports a single DistributionPoint (sequence of size 1),
+            // which is verified by comparing (p + len == end_of_ext)
+            result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+            VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
+            VerifyOrExit(p + len == end_of_ext, error = CHIP_ERROR_NOT_FOUND);
+
+            // The DistributionPoint is a sequence of three optional elements:
+            //     DistributionPoint ::= SEQUENCE {
+            //         distributionPoint       [0]     DistributionPointName OPTIONAL,
+            //         reasons                 [1]     ReasonFlags OPTIONAL,
+            //         cRLIssuer               [2]     GeneralNames OPTIONAL }
+            result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+            VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
+            VerifyOrExit(p + len == end_of_ext, error = CHIP_ERROR_NOT_FOUND);
+
+            // If distributionPoint element presents, ignore it
+            result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0);
+            if (result == 0)
+            {
+                p += len;
+                VerifyOrExit(p < end_of_ext, error = CHIP_ERROR_NOT_FOUND);
+            }
+
+            // Check if cRLIssuer element present
+            result = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 2);
+            VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
+
+            // The CRL Issuer is encoded as a directoryName field of the GeneralName:
+            //     GeneralName ::= CHOICE {
+            //         otherName                       [0]     OtherName,
+            //         rfc822Name                      [1]     IA5String,
+            //         dNSName                         [2]     IA5String,
+            //         x400Address                     [3]     ORAddress,
+            //         directoryName                   [4]     Name,
+            //         ediPartyName                    [5]     EDIPartyName,
+            //         uniformResourceIdentifier       [6]     IA5String,
+            //         iPAddress                       [7]     OCTET STRING,
+            //         registeredID                    [8]     OBJECT IDENTIFIER }
+            result = mbedtls_asn1_get_tag(
+                &p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_X509_SAN_DIRECTORY_NAME);
+            VerifyOrExit(result == 0, error = CHIP_ERROR_NOT_FOUND);
+            VerifyOrExit(p + len == end_of_ext, error = CHIP_ERROR_NOT_FOUND);
+
+            error = CopySpanToMutableSpan(ByteSpan(p, len), crlIssuer);
+            SuccessOrExit(error);
+        }
+        p = end_of_ext;
+    }
+
+    VerifyOrExit(cdpExtCount == 1, error = CHIP_ERROR_NOT_FOUND);
+
+exit:
+    _log_mbedTLS_error(result);
+    mbedtls_x509_crt_free(&mbed_cert);
+
+#else
+    (void) certificate;
+    (void) crlIssuer;
+    CHIP_ERROR error = CHIP_ERROR_NOT_IMPLEMENTED;
+#endif // defined(MBEDTLS_X509_CRT_PARSE_C)
+
+    return error;
+}
+
 CHIP_ERROR ExtractSerialNumberFromX509Cert(const ByteSpan & certificate, MutableByteSpan & serialNumber)
 {
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
diff --git a/src/tools/chip-cert/CertUtils.cpp b/src/tools/chip-cert/CertUtils.cpp
index 3fcf474e9abba8..db880f75f3c5dc 100644
--- a/src/tools/chip-cert/CertUtils.cpp
+++ b/src/tools/chip-cert/CertUtils.cpp
@@ -1284,8 +1284,7 @@ bool ResignCert(X509 * cert, X509 * caCert, EVP_PKEY * caKey)
 
 bool MakeAttCert(AttCertType attCertType, const char * subjectCN, uint16_t subjectVID, uint16_t subjectPID,
                  bool encodeVIDandPIDasCN, X509 * caCert, EVP_PKEY * caKey, const struct tm & validFrom, uint32_t validDays,
-                 X509 * newCert, EVP_PKEY * newKey, CertStructConfig & certConfig, const FutureExtensionWithNID * exts,
-                 uint8_t extsCount)
+                 X509 * newCert, EVP_PKEY * newKey, CertStructConfig & certConfig, X509_EXTENSION * cdpExt)
 {
     bool res     = true;
     uint16_t vid = certConfig.IsSubjectVIDMismatch() ? static_cast<uint16_t>(subjectVID + 1) : subjectVID;
@@ -1469,9 +1468,16 @@ bool MakeAttCert(AttCertType attCertType, const char * subjectCN, uint16_t subje
         VerifyTrueOrExit(res);
     }
 
-    for (uint8_t i = 0; i < extsCount; i++)
+    if (cdpExt != nullptr)
     {
-        res = AddExtension(newCert, exts[i].nid, exts[i].info);
+        int result = X509_add_ext(newCert, cdpExt, -1);
+        VerifyTrueOrExit(result == 1);
+    }
+
+    if (certConfig.IsExtensionCDPPresent())
+    {
+        // Add second CDP extension.
+        res = AddExtension(newCert, NID_crl_distribution_points, "URI:http://example.com/test_crl.pem");
         VerifyTrueOrExit(res);
     }
 
diff --git a/src/tools/chip-cert/Cmd_GenAttCert.cpp b/src/tools/chip-cert/Cmd_GenAttCert.cpp
index 7f57e1df20542d..3c30991dc9e8dc 100644
--- a/src/tools/chip-cert/Cmd_GenAttCert.cpp
+++ b/src/tools/chip-cert/Cmd_GenAttCert.cpp
@@ -31,6 +31,8 @@
 
 #include <lib/support/SafeInt.h>
 
+#include <openssl/x509.h>
+
 namespace {
 
 using namespace chip;
@@ -45,22 +47,23 @@ bool HandleOption(const char * progName, OptionSet * optSet, int id, const char
 // clang-format off
 OptionDef gCmdOptionDefs[] =
 {
-    { "type",             kArgumentRequired, 't' },
-    { "subject-cn",       kArgumentRequired, 'c' },
-    { "subject-vid",      kArgumentRequired, 'V' },
-    { "subject-pid",      kArgumentRequired, 'P' },
-    { "vid-pid-as-cn",    kNoArgument,       'a' },
-    { "key",              kArgumentRequired, 'k' },
-    { "ca-cert",          kArgumentRequired, 'C' },
-    { "ca-key",           kArgumentRequired, 'K' },
-    { "out",              kArgumentRequired, 'o' },
-    { "out-key",          kArgumentRequired, 'O' },
-    { "valid-from",       kArgumentRequired, 'f' },
-    { "lifetime",         kArgumentRequired, 'l' },
-    { "cpd-ext",          kArgumentRequired, 'x' },
-#if CHIP_CONFIG_INTERNAL_FLAG_GENERATE_DA_TEST_CASES
-    { "ignore-error",     kNoArgument,       'I' },
-    { "error-type",       kArgumentRequired, 'E' },
+    { "type",               kArgumentRequired, 't' },
+    { "subject-cn",         kArgumentRequired, 'c' },
+    { "subject-vid",        kArgumentRequired, 'V' },
+    { "subject-pid",        kArgumentRequired, 'P' },
+    { "vid-pid-as-cn",      kNoArgument,       'a' },
+    { "key",                kArgumentRequired, 'k' },
+    { "ca-cert",            kArgumentRequired, 'C' },
+    { "ca-key",             kArgumentRequired, 'K' },
+    { "out",                kArgumentRequired, 'o' },
+    { "out-key",            kArgumentRequired, 'O' },
+    { "valid-from",         kArgumentRequired, 'f' },
+    { "lifetime",           kArgumentRequired, 'l' },
+    { "cdp-uri",            kArgumentRequired, 'x' },
+    { "crl-issuer-cert",    kArgumentRequired, 'L' },
+ #if CHIP_CONFIG_INTERNAL_FLAG_GENERATE_DA_TEST_CASES
+    { "ignore-error",       kNoArgument,       'I' },
+    { "error-type",         kArgumentRequired, 'E' },
 #endif
     { }
 };
@@ -126,11 +129,17 @@ const char * const gCmdOptionHelp =
     "       4294967295 to indicate that certificate doesn't have well defined\n"
     "       expiration date\n"
     "\n"
-    "   -x, --cpd-ext <string>\n"
+    "   -x, --cdp-uri <string>\n"
     "\n"
     "       CRL Distribution Points (CDP) extension (NID_crl_distribution_points) extension to be added to the list\n"
     "       of certificate extensions.\n"
     "\n"
+    "   -L, --crl-issuer-cert <file/str>\n"
+    "\n"
+    "       File or string containing the CRL Issuer certificate (in an X.509 PEM format).\n"
+    "       The Subject name will be extracted from this certificate to be included in the\n"
+    "       cRLIssuer field of the CRL Distribution Point (CDP) extension.\n"
+    "\n"
 #if CHIP_CONFIG_INTERNAL_FLAG_GENERATE_DA_TEST_CASES
     "   -I, --ignore-error\n"
     "\n"
@@ -180,6 +189,10 @@ const char * const gCmdOptionHelp =
     "           ext-extended-key-usage           - Certificate will include optional Extended Key Usage extension.\n"
     "           ext-authority-info-access        - Certificate will include optional Authority Information Access extension.\n"
     "           ext-subject-alt-name             - Certificate will include optional Subject Alternative Name extension.\n"
+    "           ext-cdp-uri-duplicate            - Certificate will include additional URI Field in the CDP extension.\n"
+    "           ext-cdp-crl-issuer-duplicate     - Certificate will include additional CRL Issuer Field in the CDP extension.\n"
+    "           ext-cdp-dist-point-duplicate     - Certificate will include additional CRL Distribution Point Field in the CDP extension.\n"
+    "           ext-cdp-add                      - Certificate will include additional CDP extension.\n"
     "\n"
 #endif // CHIP_CONFIG_INTERNAL_FLAG_GENERATE_DA_TEST_CASES
     ;
@@ -207,19 +220,19 @@ OptionSet *gCmdOptionSets[] =
 };
 // clang-format on
 
-AttCertType gAttCertType                 = kAttCertType_NotSpecified;
-const char * gSubjectCN                  = nullptr;
-uint16_t gSubjectVID                     = VendorId::NotSpecified;
-uint16_t gSubjectPID                     = 0;
-bool gEncodeVIDandPIDasCN                = false;
-const char * gCACertFileNameOrStr        = nullptr;
-const char * gCAKeyFileNameOrStr         = nullptr;
-const char * gInKeyFileNameOrStr         = nullptr;
-const char * gOutCertFileName            = nullptr;
-const char * gOutKeyFileName             = nullptr;
-uint32_t gValidDays                      = kCertValidDays_Undefined;
-FutureExtensionWithNID gCPDExtensions[3] = { { 0, nullptr } };
-uint8_t gCPDExtensionsCount              = 0;
+AttCertType gAttCertType            = kAttCertType_NotSpecified;
+const char * gSubjectCN             = nullptr;
+uint16_t gSubjectVID                = VendorId::NotSpecified;
+uint16_t gSubjectPID                = 0;
+bool gEncodeVIDandPIDasCN           = false;
+const char * gCACertFileNameOrStr   = nullptr;
+const char * gCAKeyFileNameOrStr    = nullptr;
+const char * gInKeyFileNameOrStr    = nullptr;
+const char * gOutCertFileName       = nullptr;
+const char * gOutKeyFileName        = nullptr;
+uint32_t gValidDays                 = kCertValidDays_Undefined;
+const char * gCDPURI                = nullptr;
+const char * gCRLIssuerCertFileName = nullptr;
 struct tm gValidFrom;
 CertStructConfig gCertConfig;
 
@@ -300,9 +313,10 @@ bool HandleOption(const char * progName, OptionSet * optSet, int id, const char
         }
         break;
     case 'x':
-        gCPDExtensions[gCPDExtensionsCount].nid  = NID_crl_distribution_points;
-        gCPDExtensions[gCPDExtensionsCount].info = arg;
-        gCPDExtensionsCount++;
+        gCDPURI = arg;
+        break;
+    case 'L':
+        gCRLIssuerCertFileName = arg;
         break;
 #if CHIP_CONFIG_INTERNAL_FLAG_GENERATE_DA_TEST_CASES
     case 'I':
@@ -409,6 +423,22 @@ bool HandleOption(const char * progName, OptionSet * optSet, int id, const char
         {
             gCertConfig.SetExtensionSubjectAltNamePresent();
         }
+        else if (strcmp(arg, "ext-cdp-uri-duplicate") == 0)
+        {
+            gCertConfig.SetExtensionCDPURIDuplicate();
+        }
+        else if (strcmp(arg, "ext-cdp-crl-issuer-duplicate") == 0)
+        {
+            gCertConfig.SetExtensionCDPCRLIssuerDuplicate();
+        }
+        else if (strcmp(arg, "ext-cdp-dist-point-duplicate") == 0)
+        {
+            gCertConfig.SetExtensionCDPDistPointDuplicate();
+        }
+        else if (strcmp(arg, "ext-cdp-add") == 0)
+        {
+            gCertConfig.SetExtensionCDPPresent();
+        }
         else if (strcmp(arg, "no-error") != 0)
         {
             PrintArgError("%s: Invalid value specified for the error type: %s\n", progName, arg);
@@ -432,6 +462,17 @@ bool Cmd_GenAttCert(int argc, char * argv[])
     std::unique_ptr<X509, void (*)(X509 *)> newCert(X509_new(), &X509_free);
     std::unique_ptr<EVP_PKEY, void (*)(EVP_PKEY *)> newKey(EVP_PKEY_new(), &EVP_PKEY_free);
 
+    // Declarations related to the CRL Distribution Points (CDP) Extention
+    std::unique_ptr<X509, void (*)(X509 *)> cRLIssuerCert(nullptr, &X509_free);
+    std::unique_ptr<X509_EXTENSION, void (*)(X509_EXTENSION *)> cdpExtension(nullptr, &X509_EXTENSION_free);
+    STACK_OF(DIST_POINT) * distPoints = nullptr;
+    DIST_POINT * distPoint            = nullptr;
+    ASN1_IA5STRING * uri              = nullptr;
+    GENERAL_NAME * distPointName      = nullptr;
+    GENERAL_NAME * crlIssuerName      = nullptr;
+
+    std::unique_ptr<X509_EXTENSION, void (*)(X509_EXTENSION *)> cdpExtension2(nullptr, &X509_EXTENSION_free);
+
     {
         time_t now         = time(nullptr);
         gValidFrom         = *gmtime(&now);
@@ -565,10 +606,82 @@ bool Cmd_GenAttCert(int argc, char * argv[])
         }
     }
 
+    if (gCRLIssuerCertFileName != nullptr || gCDPURI != nullptr)
+    {
+        int result;
+
+        // Create a DIST_POINT object
+        distPoint = DIST_POINT_new();
+        VerifyOrReturnError(distPoint != nullptr, false);
+
+        if (gCDPURI != nullptr)
+        {
+            // Set the distribution point name
+            distPoint->distpoint = DIST_POINT_NAME_new();
+            VerifyOrReturnError(distPoint->distpoint != nullptr, false);
+
+            distPoint->distpoint->type          = 0; // fullName
+            distPoint->distpoint->name.fullname = GENERAL_NAMES_new();
+            VerifyOrReturnError(distPoint->distpoint->name.fullname != nullptr, false);
+
+            // Create and set URI string
+            uri = ASN1_IA5STRING_new();
+            VerifyOrReturnError(uri != nullptr, false);
+            result = ASN1_STRING_set(uri, gCDPURI, -1);
+            VerifyOrReturnError(result != 0, false);
+
+            // Set fullName as a URI
+            distPointName = GENERAL_NAME_new();
+            VerifyOrReturnError(distPointName != nullptr, false);
+            distPointName->type                        = GEN_URI;
+            distPointName->d.uniformResourceIdentifier = uri;
+            sk_GENERAL_NAME_push(distPoint->distpoint->name.fullname, distPointName);
+
+            if (gCertConfig.IsExtensionCDPURIDuplicate())
+            {
+                // Add second instance of CDP URI - invalid configuration
+                sk_GENERAL_NAME_push(distPoint->distpoint->name.fullname, distPointName);
+            }
+        }
+
+        if (gCRLIssuerCertFileName != nullptr)
+        {
+            // Extract Subject from the CRL Issuer Certificate
+            res = ReadCert(gCRLIssuerCertFileName, cRLIssuerCert);
+            VerifyTrueOrExit(res);
+
+            crlIssuerName = GENERAL_NAME_new();
+            VerifyOrReturnError(crlIssuerName != nullptr, false);
+            crlIssuerName->type            = GEN_DIRNAME;
+            crlIssuerName->d.directoryName = X509_get_subject_name(cRLIssuerCert.get());
+            distPoint->CRLissuer           = GENERAL_NAMES_new();
+            sk_GENERAL_NAME_push(distPoint->CRLissuer, crlIssuerName);
+
+            if (gCertConfig.IsExtensionCDPCRLIssuerDuplicate())
+            {
+                // Add second instance of CDP CRL Issuer - invalid configuration
+                sk_GENERAL_NAME_push(distPoint->CRLissuer, crlIssuerName);
+            }
+        }
+
+        // Push single DIST_POINT into array of CRL Distribution Points
+        distPoints = sk_DIST_POINT_new_null();
+        sk_DIST_POINT_push(distPoints, distPoint);
+
+        if (gCertConfig.IsExtensionCDPDistPointDuplicate())
+        {
+            // Add second instance of CDP URI - invalid configuration
+            sk_DIST_POINT_push(distPoints, distPoint);
+        }
+
+        cdpExtension.reset(X509V3_EXT_i2d(NID_crl_distribution_points, 0, distPoints));
+        VerifyOrReturnError(cdpExtension.get() != nullptr, false);
+    }
+
     if (gAttCertType == kAttCertType_PAA)
     {
         res = MakeAttCert(gAttCertType, gSubjectCN, gSubjectVID, gSubjectPID, gEncodeVIDandPIDasCN, newCert.get(), newKey.get(),
-                          gValidFrom, gValidDays, newCert.get(), newKey.get(), gCertConfig, gCPDExtensions, gCPDExtensionsCount);
+                          gValidFrom, gValidDays, newCert.get(), newKey.get(), gCertConfig, cdpExtension.get());
         VerifyTrueOrExit(res);
     }
     else
@@ -583,7 +696,7 @@ bool Cmd_GenAttCert(int argc, char * argv[])
         VerifyTrueOrExit(res);
 
         res = MakeAttCert(gAttCertType, gSubjectCN, gSubjectVID, gSubjectPID, gEncodeVIDandPIDasCN, caCert.get(), caKey.get(),
-                          gValidFrom, gValidDays, newCert.get(), newKey.get(), gCertConfig, gCPDExtensions, gCPDExtensionsCount);
+                          gValidFrom, gValidDays, newCert.get(), newKey.get(), gCertConfig, cdpExtension.get());
         VerifyTrueOrExit(res);
     }
 
diff --git a/src/tools/chip-cert/chip-cert.h b/src/tools/chip-cert/chip-cert.h
index 2f203193e38e44..82d4d8e4c8190b 100644
--- a/src/tools/chip-cert/chip-cert.h
+++ b/src/tools/chip-cert/chip-cert.h
@@ -1,6 +1,6 @@
 /*
  *
- *    Copyright (c) 2021-2022 Project CHIP Authors
+ *    Copyright (c) 2021-2023 Project CHIP Authors
  *    Copyright (c) 2013-2017 Nest Labs, Inc.
  *    All rights reserved.
  *
@@ -185,6 +185,10 @@ class CertStructConfig
     void SetExtensionExtendedKeyUsagePresent() { mFlags.Set(CertErrorFlags::kExtExtendedKeyUsage); }
     void SetExtensionAuthorityInfoAccessPresent() { mFlags.Set(CertErrorFlags::kExtAuthorityInfoAccess); }
     void SetExtensionSubjectAltNamePresent() { mFlags.Set(CertErrorFlags::kExtSubjectAltName); }
+    void SetExtensionCDPPresent() { mFlags.Set(CertErrorFlags::kExtCRLDistributionPoints); }
+    void SetExtensionCDPURIDuplicate() { mFlags.Set(CertErrorFlags::kExtCDPURIDuplicate); }
+    void SetExtensionCDPCRLIssuerDuplicate() { mFlags.Set(CertErrorFlags::kExtCDPCRLIssuerDuplicate); }
+    void SetExtensionCDPDistPointDuplicate() { mFlags.Set(CertErrorFlags::kExtCDPDistPointDuplicate); }
     void SetSignatureError() { mFlags.Set(CertErrorFlags::kSignature); }
 
     void SetCertOversized() { mFlags.Set(CertErrorFlags::kCertOversized); }
@@ -314,6 +318,10 @@ class CertStructConfig
     bool IsExtensionExtendedKeyUsagePresent() { return (mEnabled && mFlags.Has(CertErrorFlags::kExtExtendedKeyUsage)); }
     bool IsExtensionAuthorityInfoAccessPresent() { return (mEnabled && mFlags.Has(CertErrorFlags::kExtAuthorityInfoAccess)); }
     bool IsExtensionSubjectAltNamePresent() { return (mEnabled && mFlags.Has(CertErrorFlags::kExtSubjectAltName)); }
+    bool IsExtensionCDPPresent() { return (mEnabled && mFlags.Has(CertErrorFlags::kExtCRLDistributionPoints)); }
+    bool IsExtensionCDPURIDuplicate() { return (mEnabled && mFlags.Has(CertErrorFlags::kExtCDPURIDuplicate)); }
+    bool IsExtensionCDPCRLIssuerDuplicate() { return (mEnabled && mFlags.Has(CertErrorFlags::kExtCDPCRLIssuerDuplicate)); }
+    bool IsExtensionCDPDistPointDuplicate() { return (mEnabled && mFlags.Has(CertErrorFlags::kExtCDPDistPointDuplicate)); }
     bool IsSignatureError() { return (mEnabled && mFlags.Has(CertErrorFlags::kSignature)); }
 
     bool IsCertOversized() { return (mEnabled && mFlags.Has(CertErrorFlags::kCertOversized)); }
@@ -368,26 +376,30 @@ class CertStructConfig
         kExtExtendedKeyUsage        = 0x0000000002000000, // DA specific
         kExtAuthorityInfoAccess     = 0x0000000004000000, // DA specific
         kExtSubjectAltName          = 0x0000000008000000, // DA specific
-        kSignature                  = 0x0000000010000000,
+        kExtCRLDistributionPoints   = 0x0000000010000000, // DA specific
+        kExtCDPURIDuplicate         = 0x0000000020000000, // DA specific
+        kExtCDPCRLIssuerDuplicate   = 0x0000000040000000, // DA specific
+        kExtCDPDistPointDuplicate   = 0x0000000080000000, // DA specific
+        kSignature                  = 0x0000000100000000,
 
         // Op Cert Specific Flags:
-        kCertOversized              = 0x0000000100000000,
-        kSerialNumberMissing        = 0x0000000200000000,
-        kIssuerMissing              = 0x0000000400000000,
-        kValidityNotBeforeMissing   = 0x0000000800000000,
-        kValidityNotAfterMissing    = 0x0000001000000000,
-        kValidityWrong              = 0x0000002000000000,
-        kSubjectMissing             = 0x0000004000000000,
-        kSubjectMatterIdMissing     = 0x0000008000000000,
-        kSubjectNodeIdInvalid       = 0x0000010000000000,
-        kSubjectMatterIdTwice       = 0x0000020000000000,
-        kSubjectFabricIdMissing     = 0x0000040000000000,
-        kSubjectFabricIdInvalid     = 0x0000080000000000,
-        kSubjectFabricIdTwice       = 0x0000100000000000,
-        kSubjectFabricIdMismatch    = 0x0000200000000000,
-        kSubjectCATInvalid          = 0x0000400000000000,
-        kSubjectCATTwice            = 0x0000800000000000,
-        kExtExtendedKeyUsageMissing = 0x0001000000000000,
+        kCertOversized              = 0x0000001000000000,
+        kSerialNumberMissing        = 0x0000002000000000,
+        kIssuerMissing              = 0x0000004000000000,
+        kValidityNotBeforeMissing   = 0x0000008000000000,
+        kValidityNotAfterMissing    = 0x0000010000000000,
+        kValidityWrong              = 0x0000020000000000,
+        kSubjectMissing             = 0x0000040000000000,
+        kSubjectMatterIdMissing     = 0x0000080000000000,
+        kSubjectNodeIdInvalid       = 0x0000100000000000,
+        kSubjectMatterIdTwice       = 0x0000200000000000,
+        kSubjectFabricIdMissing     = 0x0000400000000000,
+        kSubjectFabricIdInvalid     = 0x0000800000000000,
+        kSubjectFabricIdTwice       = 0x0001000000000000,
+        kSubjectFabricIdMismatch    = 0x0002000000000000,
+        kSubjectCATInvalid          = 0x0004000000000000,
+        kSubjectCATTwice            = 0x0008000000000000,
+        kExtExtendedKeyUsageMissing = 0x0010000000000000,
     };
 
     static constexpr uint32_t kExtraBufferLengthForOvesizedCert = 300;
@@ -437,8 +449,7 @@ extern bool ResignCert(X509 * cert, X509 * caCert, EVP_PKEY * caKey);
 
 extern bool MakeAttCert(AttCertType attCertType, const char * subjectCN, uint16_t subjectVID, uint16_t subjectPID,
                         bool encodeVIDandPIDasCN, X509 * caCert, EVP_PKEY * caKey, const struct tm & validFrom, uint32_t validDays,
-                        X509 * newCert, EVP_PKEY * newKey, CertStructConfig & certConfig, const FutureExtensionWithNID * exts,
-                        uint8_t extsCount);
+                        X509 * newCert, EVP_PKEY * newKey, CertStructConfig & certConfig, X509_EXTENSION * cdpExt);
 extern bool GenerateKeyPair(EVP_PKEY * key);
 extern bool GenerateKeyPair_Secp256k1(EVP_PKEY * key);
 extern bool ReadKey(const char * fileNameOrStr, std::unique_ptr<EVP_PKEY, void (*)(EVP_PKEY *)> & key,