A root user device associated with a user receives a request from a non-root user device associated with the user to issue a digital certificate to the non-root user device. The root user device utilizes a shared secret to determine whether the request is valid. If the request is determined to be valid, the root user device uses a public cryptographic key of a cryptographic key pair generated by the non-root user device to generate the digital certificate. The root user device digitally signs the digital certificate by using its private cryptographic key of a cryptographic key pair generated by the root user device. The root user device issues the digitally signed digital certificate to the non-root user device for use in authentication of the non-root user device.