Managed PKI
SwissSign managed public key infrastructure (PKI) services give companies a cost-efficient entry to a robust PKI system that can be adapted to customer requirements. The customer does not have to operate a certification authority (CA) itself, with all of the complex requirements this entails for security, redundancy, availability and guidelines.

A registration authority (RA) can be realized in different ways on the customer side, independent of the purpose for which the digital identities are used. Every managed PKI customer has at least one RA and one RA operator (RAO). The RAO handles the certificate requests inside the organization. It is also possible to operate several RAs within an organization, each with several RAOs, or to have a super-RA with various sub-RAs (such as organization units). RAs and RAOs can be organized freely in line with the company’s requirements, for example by subsidiary or department. RAs can also be tied into the SwissSign infrastructure in many different ways with different SwissSign CAs (silver or gold).
RAs are often implemented as web applications within an organization’s intranet and, in organizational terms, integrated into the human resources department. SwissSign offers RA templates and a command toolkit for RAs that are realized as websites. The SwissSign Certification Authority (CA) supports certificate requests via the PKCS#10 interface. Applications can also send certificate requests directly to the CA via this interface. RAs do not have to be web applications. For example, secure e-mail gateway solutions can also generate the key pairs and automatic certificate requests directly. The customer also has the option of hosting the RA page at SwissSign.
In any case, an RA can be integrated very flexibly into the customer’s technical and organizational infrastructure.

The Scope of SwissSign Managed PKI Services
Managed PKI includes the operation of a CA in accordance with the detailed description in the SwissSign Silver G2 CP/CPS or SwissSign Gold G2 CP/CPS. The core part of this is the preparation, administration, and distribution of certificates. An index service (LDAP directory) to look up certificates, the distribution of invalidity declarations, and a service for checking the status of certificates are also part of the scope of Managed PKI services.

SwissSign Managed PKI is offered in the form of a license. The issuance of certificates around the clock is a basic included license service.

Silver and Gold
The only difference between certificates issued under the Silver G2 CP/CPS and those issued under the Gold G2 CP/CPS is the quality of the RA registration process. Through the quality of its registration process, the RA also defines the trustworthiness that can be granted to an issued certificate.

The following table shows the most important differences between the registration processes for Silver and Gold.

 

                        Gold                           Silver
Contract signature      original physical signature    contract copy
Identification          passport or identity card      photo identity card
Document validity       must be valid                  valid or unlimited
E-mail validity check   yes                            yes
Liability limit         CHF 10,000                     CHF 1,000

Are you interested in the SwissSign Managed PKI offer? Then please contact us!