C2PA Certificates

Sign content credentials that travel with every photo, video, and document you publish

A C2PA Certificate lets you attach a cryptographically signed provenance record, a "content credential", to any media file. Anyone who receives the file can verify its origin, check whether it's been altered, and see an auditable chain of custody from creation to distribution. Built on the open C2PA standard, backed by Adobe, Google, Microsoft, BBC, Reuters, and the Content Authenticity Initiative.

Request C2PA Certificate access Talk to an expert

What is a C2PA Certificate?

A C2PA (Coalition for Content Provenance and Authenticity) Certificate is a digital certificate used to sign a C2PA manifest, the structured provenance record embedded in a media file. The certificate proves that the manifest was created by the named entity and hasn't been tampered with since signing.

When a platform, viewer, or tool inspects a content credential, it validates the C2PA certificate signature, confirming the credential is authentic and unaltered.

Read more
Without C2PA Certificate With C2PA Certificate
No way to verify who created the content Signed credential names the creating organization or tool
Content can be manipulated without detection Any modification to the content breaks the cryptographic manifest
No standardized AI disclosure mechanism AI generation or assistance can be disclosed in the signed manifest
Provenance claims are self-asserted Provenance is cryptographically signed by a trusted CA

Key benefits

Provenance from creation

Attach a signed credential at the moment of capture or creation, establishing an unbroken chain of custody.

Tamper detection

Any modification to the file after credentialing breaks the manifest signature, detectable by any C2PA-aware viewer.

AI disclosure

Disclose AI generation or AI assistance in a standardized, machine-readable format, meets EU AI Act and emerging platform requirements.

Open standard

C2PA is supported by Adobe, Google, Microsoft, Intel, BBC, Reuters, Nikon, Leica, and hundreds of other Content Authenticity Initiative members.

Verifiable anywhere

Content credentials can be verified at verify.contentauthenticity.org and in C2PA-aware tools, no proprietary verification system required.

Issued by an authorized CA

SSL is an authorized C2PA certificate issuer, credentials signed with SSL certificates are recognized across the C2PA ecosystem.

Who is it for?

News agencies & wire services

Sign photographs and video at point of capture, downstream publishers and platforms can verify provenance.

Broadcasters & publishers

Broadcasters and publishers authenticate editorial content and disclose AI involvement: cryptographic provenance trails that survive syndication, aggregation, and republication.

Photographers & videographers

Photographers and videographers protect their work with verifiable attribution at the file level: provenance that survives cropping, format conversion, and platform reposting.

Brands & advertising agencies

Brands and advertising agencies authenticate campaign creative and prove content hasn’t been altered: essential as AI-generated brand impersonation grows as an attack vector.

AI content platforms

AI content platforms label AI-generated or AI-assisted content in a standardized, compliant format: ready for emerging disclosure regulations under the EU AI Act and US state laws.

Camera & capture tool manufacturers

Camera and capture tool manufacturers embed C2PA signing at the hardware or firmware level: provenance bound to content at the moment of capture. Leica, Sony, Nikon are early adopters.

Request C2PA Certificate access

Contact our C2PA solution architects to design a customized implementation. Our team will confirm your organization’s eligibility, validation requirements, and integration options for embedding C2PA signing into your publishing or capture workflow.

How it works

1: Certificate issuance

SSL.com issues your C2PA Certificate after validating your organization’s legal identity and domain control under CA/B Forum procedures: verified at the same tier as public TLS certificates.

2: Integrate into your workflow

Use the certificate with C2PA-compliant tools (Adobe tools, c2patool CLI, custom implementations) to sign content manifests.

3: Sign content

When you publish or distribute content, the C2PA manifest is attached and signed with your certificate.

4: Verification

Recipients, platforms, and tools can verify the credential, confirming origin, checking for alterations, and reading any AI disclosure.

Compatibility

Adobe

Photoshop, Lightroom, Premiere

Native C2PA signing support: sign credentials at export across the Creative Cloud suite

Open source

c2patool CLI

Open-source command-line tool for signing and verifying C2PA manifests in any workflow

Hardware

Digital cameras

Hardware-level C2PA signing at point of capture: provenance from the moment of creation

Verify tool

Content Credentials verify

verify.contentauthenticity.org: publicly available verification for any C2PA-credentialed content

Platforms

LinkedIn, Google Search & more

Growing platform support: major platforms implementing C2PA credential display

Compliance & standards

C2PA Specification (v2.x)

SSL issues certificates per the C2PA specification, credentials signed with SSL certificates are recognized across the ecosystem.

EU AI Act

Requires disclosure of AI-generated content, C2PA manifests provide a standardized, machine-readable disclosure mechanism.

Content Authenticity Initiative (CAI)

SSL is a CAI member, C2PA certificates issued by SSL are part of the CAI trust framework.

Frequently asked questions

A C2PA Certificate signs the content manifest, proving it's authentic and unaltered. A CAWG Identity Assertion embeds your verified organizational or personal identity inside the manifest. They complement each other: use both for maximum attribution and trust.

Yes, you can sign existing content with a C2PA manifest. However, provenance established at the point of creation is more authoritative than retroactive signing. Best practice is to sign at capture or creation.

C2PA supports JPEG, PNG, TIFF, WebP, MP4, MOV, MP3, WAV, HEIC, PDF, and others. Support is expanding as the standard matures.

Recipients can verify content at verify.contentauthenticity.org without any special software. C2PA-aware tools (Adobe apps, certain browsers) display credentials inline.

Frequently Asked Questions

Common questions about this product

A C2PA certificate is a signing credential used to create content credentials, cryptographic provenance assertions embedded directly into image, video, audio, and document files. The certificate binds the creator's verified identity to the content, records the tools and edits involved in its creation, and flags AI involvement if applicable. Any C2PA-supporting viewer or platform can verify the credential and display the provenance information to the audience.
When a C2PA-signed asset is modified after signing, the cryptographic hash embedded in the C2PA manifest no longer matches the file's current state. This mismatch is detectable by any C2PA-compliant viewer, the provenance information is shown as invalid or incomplete, signaling to the viewer that the content has been altered since the original signing.
C2PA is supported by Adobe (Photoshop, Lightroom, Firefly), Microsoft (Bing Image Creator), Google, Leica, Nikon, Sony, the BBC, Reuters, and the Associated Press, among many others. The Content Authenticity Initiative (CAI) maintains a growing list of participating organizations. Browsers and social platforms are implementing C2PA verification as the standard matures.
C2PA is the leading technical mechanism for satisfying the EU AI Act's mandatory disclosure requirements for AI-generated content, which require machine-readable labeling of synthetic media. Organizations deploying AI-assisted content workflows can embed C2PA provenance disclosures at the point of creation, creating an auditable record of AI involvement that regulators and platforms can verify.
A C2PA certificate establishes content provenance, proving the content is authentic and recording its creation history. A CAWG (Content Authenticity Working Group) certificate goes further, embedding verified organizational or individual identity inside the content credential. C2PA proves the content is real; CAWG proves who created it, with that identity independently verified by SSL.com as a trusted CA.

Related products

CAWG Identity Assertions

Add verified organizational or personal identity inside your C2PA manifest, so viewers see who created the content, confirmed by SSL as a trusted CA.

Explore CAWG Identity Assertions

VMC, Verified Mark Certificate

Authenticate your brand in email alongside content distribution, your logo appears in supporting email clients, confirmed by a trusted CA.

Learn more

IV S/MIME

Verified journalist or individual identity in editorial email, personally signed email from an SSL-validated individual.

Learn more

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.

Take Survey
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognizing you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

For more information read ourĀ Cookie and privacy statement.

3rd Party Cookies

This website uses Google Analytics & Statcounter to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping these cookies enabled helps us to improve our website.

Show details
Powered by  GDPR Cookie Compliance