Navigate on SwissID

Product details

• Verification of identity on domain
• Issue time within seconds or minutes after application through simple domain validation via e-mail
• Duration: 1 year
• License can be used on an unlimited number of servers
• Warranty 10’000 CHF
• Full reimbursement within 30 days of issue
• Internationalised domain name (IDN) possible
• The certificate can also be obtained via Managed PKI
• Telephone and e-mail support in English, German and French
• After purchasing the certificate, the SwissSign Trust Seal will be available to use on your website.

Multi-year certificates

With multi-year certificates, you will benefit from attractive discounts. However, the validation and request for the certificate must be made annually despite the multi-year term.

Advice

• The SSL Silver Single-Domain (DV) certificate is also available as a SSL Silver Wildcard (DV).​​​​​​​

Technical details

• Recognised root CA
• Signature algorithm sha256WithRSA
• Public Key following RSA (Rivest, Shamir, Adleman) is authorized, requirements:
  - RSA key length 2048, 3072 or 4098 Bit
  - Asymmetric key exchange with modern "Perfect Forward Secrecy"
  - Legacy RSA encryption is also possible
• Compatible with all symmetric encryption algorithms for SSL/TLS with key length up to 256 Bit
• Key use: Digital signature, key encipherment, client authentication, server authentication
• Distribution on all common browsers and platforms. See Compatibility
• DNS CAA policies will be followed before authorization of the request
• Validation with OCSP and CRL
• OCSP stapling should be configured on the web server
• User account for certificate management
• Revocation service for the revoking of certificates
• Notification 30 days and 10 days prior to expiry of validity
• Application-specific entries in the certificate:
  • CN = common name: domain name FQDN (mandatory)
  • SAN (SubjectAlternativeName) domain name as mentioned in common name, additionally optionally also with prepended «www»
  • Further applicant-specific entries are not permitted and are removed from a CSR.​​​​​​​

Policy

• All applicable policies for public SwissSign certificates are published on the “Support\Repository” page. The policies specific to this certificate type are listed on the corresponding subpage.​​​​​​​

Validation is performed electronically

Domain verification for is ensured via an e-mail sent to one of the following addresses (freely selectable):

• admin@<Domäne>
• administrator@<Domäne>
• hostmaster@<Domäne>
• postmaster@<Domäne>
• webmaster@<Domäne>​​​​​​​

Information

• The mail account for the verification should already be available.
• SwissSign should be allowed to issue certificates for your domains according to the DNS entry (CAA policy)