New CA release 4.7

A new CA release 4.7 was rolled out on Monday. This release includes some extensions, e.g. the possibility of adding a domain free of charge to an existing Managed PKI.

Managed PKI customers have the option to add new domains free of charge to their managed PKI. At present, the method of file based authentication is available. To do this, log in as an access responsible for your managed PKI. The new "Managed Domains" menu item under the main menu "MPKI Domains Verification" allows you to enter a domain to be verified. You will then see a secret that you must store in a file <domain>/.well-known/pki-validation/swisssign-check.txt without any additional entries. For 30 days, this file is searched at regular intervals and investigated for the secret. If this file has been found with the correct content, our fulfillment is assigned with the addition of your domain. You will then receive an e-mail about the addition of your domain to the Managed PKI. The domain can then be used for both e-mail and SSL certificates.

This service will be extended in the future to other procedures allowed by the CA Browser Forum (e.g., DNS Check). You are, of course, free to use the paid service to order and manually add domains.

Furthermore, the web interface has been adapted to the new corporate design.

Code Signing products now have a maximum validity of 3 years. It is mandatory that the key pair for the code signing certificate be generated on an HSM. This HSM must have at least the FIPS-140-2 Level 2 standard.

On July 31, 18h00, the certificate of the site ra.swisssign.net is changed. If you make your access dependent on this certificate, you must adapt it. The new certificate can be found here:

-----BEGIN CERTIFICATE-----

MIIJDzCCB/egAwIBAgIUcWV8vGyXdBepM3iZr0QgeinKy8swDQYJKoZIhvcNAQEL

BQAwTjELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEoMCYGA1UE

AxMfU3dpc3NTaWduIEVWIEdvbGQgQ0EgMjAxNCAtIEcyMjAeFw0xNzA3MDMxNzUx

MTRaFw0xOTA3MDMxNzUxMTRaMIH2MRMwEQYLKwYBBAGCNzwCAQMTAkNIMRgwFgYL

KwYBBAGCNzwCAQIMB1rDvHJpY2gxGDAWBgNVBAUTD0NIRS0xMDkuMzU3LjAxMjEd

MBsGA1UEDxMUUHJpdmF0ZSBPcmdhbml6YXRpb24xCzAJBgNVBAYTAkNIMRAwDgYD

VQQIDAdaw7xyaWNoMRMwEQYDVQQHEwpHbGF0dGJydWdnMQ0wCwYDVQQREwQ4MTUy

MRcwFQYDVQQJDA5Tw6RnZXJlaXN0ciAyNTEVMBMGA1UEChMMU3dpc3NTaWduIEFH

MRkwFwYDVQQDExByYS5zd2lzc3NpZ24ubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOC

AQ8AMIIBCgKCAQEAwnyeBeIYUfDIodm3GdrUWoOYTjLsmgBJeLQcHPZc/9tuLyNS

2F3Ld62W/qiVOJm3hBPq5WOf+AKyxrZ2IF1fZbG33f9sVO6qz7AOz7lkWJKUzMSe

Tiy0bMwDSANNjm2jCdi9766IyAWTJc0c2A/GQXFI9vLwNCYRdUThChnmZx8uHkHE

IjTLOVto4phVbG4IVvKrf08C7qiikY1KzvNGLR/Wfq5hN62SY0mCY+mjJ7GuVFgE

ta+3LiVlCDUfrhqR0w5J0hU4HwD5dSXX83r7OoqoSt8EpzMeN2eAUBVqf1iLp5M1

BynuvehkKAMjx2VqgQBrEifUZRNrwDbBBojf0QIDAQABo4IFOjCCBTYwGwYDVR0R

BBQwEoIQcmEuc3dpc3NzaWduLm5ldDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw

FAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBTKIVlX+x7we0vBCJLCHW0b

a4BQZTAfBgNVHSMEGDAWgBTu/UbK9ydekbxatueHzQr6VQomQjCB/wYDVR0fBIH3

MIH0MEegRaBDhkFodHRwOi8vY3JsLnN3aXNzc2lnbi5uZXQvRUVGRDQ2Q0FGNzI3

NUU5MUJDNUFCNkU3ODdDRDBBRkE1NTBBMjY0MjCBqKCBpaCBooaBn2xkYXA6Ly9k

aXJlY3Rvcnkuc3dpc3NzaWduLm5ldC9DTj1FRUZENDZDQUY3Mjc1RTkxQkM1QUI2

RTc4N0NEMEFGQTU1MEEyNjQyJTJDTz1Td2lzc1NpZ24lMkNDPUNIP2NlcnRpZmlj

YXRlUmV2b2NhdGlvbkxpc3Q/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRp

b25Qb2ludDBfBgNVHSAEWDBWMFQGCWCFdAFZAQIBATBHMEUGCCsGAQUFBwIBFjlo

dHRwOi8vcmVwb3NpdG9yeS5zd2lzc3NpZ24uY29tL1N3aXNzU2lnbi1Hb2xkLUNQ

LUNQUy5wZGYwgdEGCCsGAQUFBwEBBIHEMIHBMGQGCCsGAQUFBzAChlhodHRwOi8v

c3dpc3NzaWduLm5ldC9jZ2ktYmluL2F1dGhvcml0eS9kb3dubG9hZC9FRUZENDZD

QUY3Mjc1RTkxQkM1QUI2RTc4N0NEMEFGQTU1MEEyNjQyMFkGCCsGAQUFBzABhk1o

dHRwOi8vZ29sZC1ldi1nMi5vY3NwLnN3aXNzc2lnbi5uZXQvRUVGRDQ2Q0FGNzI3

NUU5MUJDNUFCNkU3ODdDRDBBRkE1NTBBMjY0MjCCAm8GCisGAQQB1nkCBAIEggJf

BIICWwJZAHcAAwGd8/2FppqOvR+sxtqbpz5Gl3T+d/V5/FoIuDKMHWsAAAFdCZP0

fwAABAMASDBGAiEAuP0CQWcH+DApQT+ijx70/Wjr3jz9qiIqRW+dTuQ9ebYCIQCR

ODrjoillwIQQQaUg4iJzDgsjahBDqGmQ3X/uWn1eBAB3AKS5CZC0GFgUh7sTosxn

cAo8NZgE+RvfuON3zQ7IDdwQAAABXQmT7+gAAAQDAEgwRgIhAPTNSunUAOSTuhIA

7Yz9bq+VuH4TMX2UrWp0nNu8NiliAiEAmSZ5tnpWa9TzCP9Q7PxY4NEseJh5fo9x

thhNqcGJYDMAdQC72d+8H4pxtZOUI5eqkntHOFeVCqtS6BqQlmQ2jh7RhQAAAV0J

k/BJAAAEAwBGMEQCIDJg/In+oU5qaRsASDRrwhHXd+WiMWzTPZnaKaaxVhC6AiB4

0BjtXDeyrhXcblEOOaTZod16iSq7/7F9+RurXQDgGAB2AN3rHSt6DU+mIIuBrYFo

cH4ujp0B1VyIjT0RxM227L7MAAABXQmT7l0AAAQDAEcwRQIgFeXMA6CCX0KWsbfO

rQM44pSGoiQthmNCZdreGh73ftwCIQDGmSDHwc6gJK3vEFic0N+vAsOFQWxYaIm5

iHyKC2PvLQB2AO5Lvbd1zmC64UJpH6vhnmajD35fsHLYgwDEe4l6qP3LAAABXQmT

9BkAAAQDAEcwRQIhANnr4HG2LH75Bon7BZ9t/KkZZwVop6xUooG1reqfgfluAiAj

0dDxujyq1U5gIRBZ3Lq62H/Cq288s1qUxjjj3PN0iTANBgkqhkiG9w0BAQsFAAOC

AQEAFeDXaL4uVztJKhaB2no5Pd/tz6uprsu3QhZbuBWggFsXYxpvf41jHfVZM2ot

k09gypUXhIqjtUhydEjbP0l5h0g+gkq1jeea6FxI/3Gzl+WPum8yU/Zvknbys4Uf

sfT+NYcQzQyjauuK0mCwCcj/T7tf0EjHYs5EXCq42JBGa+erGxIgzmaJhJVA/YN4

/ME2bcaMgdpSbdK1Jncoq0TM+b14gjbKsB5dTVXlnV8rWMtO5a5vGWaZsWCQcgho

Rg2MXtAA8J+hA/Uq/iuwUJUVQ6jDTYi4ulH2ijwWbNxBkiJ0uYjUT5OPRugqvkIf

OuY0A6ewunPnsbBAZ31J8ybj7A==

-----END CERTIFICATE-----