• Code signing and timestamping[x]

    With an official timestamp in your Code Signing signature you ensure that the trustworthiness of the signature does not expire at the same time as the certificate. Thanks to the timestamp the software of the user can differentiate between a code which was signed with an expired certificate and which should not be trusted, and a code which has been signed with a certificate that was valid at the time of signature but expired afterwards.
    Please note that the SwissSign Timestamping service only works with the Microsoft Sign Tool (SignTool.exe) from Windows 7+ SDK.

  • How do I obtain my certificates after a successful purchase?[x]

    After having purchased your certificates in the SwissSign webshop, please proceed as follows in order to obtain them:

    1. Login to your customer account at www.swisssign.com/myswisssign.
    2. Select "My Licenses" in the user menu on the left side and start the activation procedure for your certificate by clicking on the key-icon at the right end-of-line.
    3. You will now be redirected to the interface for the technical certificate request. Please follow the instructions of the request procedure.
    4. After your application has been checked and accepted, you will receive an e-mail with a link, where you can download your certificate.

    Need help to manage your orders? Please refer to our help section: http://www.swisssign.com/myswisssignhelp

  • How long do I have to wait for my SwissSign Certificate?[x]

    The issuance speed for SwissSign certificates depends on the certificate type and reaches from a few seconds up to 10 business days for certificates, which require an intensive manual verification of the requester, of the organization or of the domain. These deadlines are valid after reception of the registration documents by SwissSign and can be held under the exclusive condition that all documents are correct and complete.

    An exception are those certificates with automated issuance, which do not require submission of documents (eg. domain-validated-only SSL). These certificates are usually issued immediately.


    Issuance speed for SSL Certificates:

    • SSL Silver: a few seconds or minutes
    • SSL Silver Wildcard: a few seconds or minutes
    • SSL Gold: up to 2 business days
    • SSL Gold Wildcard: up to 2 business days
    • SSL Gold UCC / SAN: up to 2 business days
    • SSL Gold EV (Extended Validation): 5 to 10 business days

     

    Issuance speed for Personal Certificates:

    • Personal Silver ID: a few seconds or minutes
    • Personal Gold ID: up to 2 business days
    • Employee Gold ID: up to 2 business days

     

    Issuance speed for Organization Certificates:

    • Organization Certificate on Smartcard: 5 to 10 business days (except hardware delivery outside Switzerland)
    • Organization Certificate for HSM: 5 to 10 business days

     

    Issuance speed for other Certificates:

    • Code Signing Certificate: up to 2 business days

    These deadlines are standard values and may be subject to extraordinary exceptions (eg. important workload of the registration authority). In addition, processing time for countries, in which SwissSign has not yet issued certificates, may exceed the indicated deadlines.

  • I have received a new certificate, and can no longer read my encrypted data[x]

    You need the corresponding private key in order to decrypt the data. You must make sure that your old encryption certificate is still imported in your browser. This is the only way to decrypt data that was encrypted using your old certificate. If the certificate no longer exists in your browser, log in to your SwissSign profile and re-import the certificate. To do this, you will need the 16-character password you entered when you created the certificate.

  • I’ve forgotten the pass phrase for my user account on swisssign.net, what do I do? [x]

    Contact your RA. Send us a digitally-signed e-mail to identify@swisssign.com

    We can identify you from your signature and can then set a new password. If you are unable to sign an e-mail digitally, send us a request by post including a copy of your ID card or passport and a handwritten signature.

  • Problems renewing your ID: Error code -12227[x]

    This error message means there is no certificate available for authentication, or the certificate has expired. If the certificate has expired, create a new certificate.

  • What do the Privacy levels mean?[x]

    In the technical user account at swisssign.net (menu entry „My Certificates“, last column at the right) you can select under „Privacy“ between „Private“, „Public Lookup“ and „Public Download“. This option is related to the public part of your certificate and determines its visibility to third parties:

    • Private: with this option the certificate cannot be found. The certificate and the subject are not listed in the LDAP directory. Under the menu entry "Search for IDs" at swisssign.net your certificate will be published neither.
    • Public Lookup: with this option only the status of the certificate (revoked, active etc.) will be shown. In that sense the certificate is publicly verifiable and the subject is published in the LDAP directory and at swisssign.net.
    • Public Download: with this option the public part of the certificate (subject und public key) is published and can be downloaded by anybody. This option is particularly helpful in case you use your certificate for e-mail encryption. With this your future communication partners are able to download your public key, which is necessary for encrypting messages with you.

     

    The option „Public download“ is selected by default.
    For server certificates this option is not really important, since the status of the certificate can be verified anyway by anybody and at anytime via CRL or OCSP (links are included in the certificate). This independently of the selected Privacy level.

  • Will I be notified before expiration of my SwissSign certifi[x]

    Yes, you will receive an e-mail 30 days and 10 days bevore expiration of your SwissSign certificate.

  • What do CA and RA mean? What are CAOs and RAOs?[x]

    A CA (Certification Authority) issues the certificates after an RA has verified the requester and approved the certificate request. The CA signs the issued certificates to verify their authenticity.
    An RA (Registration Authority) is a registration department that checks the requester and corresponding request for the existence of a certificate. The RA vouches for the fact that the information that represents these individuals is correct and is available in the form of certificates. The CA only issues a certificate after the RA has approved the request.
    CAOs and RAOs are operators for the CA or RA; they are people with specific functions and duties relating to the CA or RA.

  • What does "revocation" mean? [x]

    Revocation is the process that makes a certificate invalid. Revoked certificates are listed in the CRL (Certificate Revocation List), and the CRL is published by the CA as per the corresponding CP/CPS.

    When an encryption certificate is revoked, it is extremely important that you store the corresponding private key. You will still need this key to decrypt data that was encrypted using the old (revoked) certificate. When a signing certificate is revoked, you can safely delete the private key, because you can no longer use it to create valid signatures.