OV SSL Gold Single-Domain | SwissSign
A data security specialist by Swiss Post

Main section


Product details

  • Verification of identity: Domain, applicant and organisation
  • Issue time within 1 to 2 working days after application
  • Wildcard entries are possible with the option Multi-Domain
  • Duration: 1 year
  • License can be used on an unlimited number of servers
  • Warranty 100’000 CHF
  • Entry of organisation (e.g. company) in the certificate
  • Wildcard entries are possible with the option Multi-Domain
  • Full reimbursement within 30 days of issue
  • Internationalised domain name (IDN) possible
  • The certificate can also be obtained via Managed PKI
  • Telephone and e-mail support in English, German and French
  • After the Sale of the certificate the SwissSign seal is provided in the customer login

Multi-year certificates

With multi-year certificates, you will benefit from attractive discounts. However, the validation and request for the certificate must be made annually despite the multi-year term.


  • The SSL Gold Certificate is also available as a Wildcard Certificate.
  • For orders with multiple domains (Multi-Domain) the free of charge protection of domains with and without “www” is not included. Please define your domain entries one by one.

Technical details

  • Recognised root CA
  • Signature algorithm sha256WithRSA
  • Public Key following RSA (Rivest, Shamir, Adleman) is authorized, requirements:
    - RSA key length 2048, 3072 or 4098 Bit
    - Asymmetric key exchange with modern "Perfect Forward Secrecy"
    - Legacy RSA encryption is also possible
  • Compatible with all symmetric encryption algorithms for SSL/TLS with key length up to 256 Bit
  • Key use: Digital signature, key encipherment, client authentication, server authentication
  • Distribution on all common browsers and platforms. See Compatibility
  • DNS CAA policies will be followed before authorization of the request
  • Validation with OCSP and CRL
  • OCSP stapling should be configured on the web server
  • User account for certificate management
  • Revocation service for the revoking of certificates
  • Notification 30 days and 10 days prior to expiry of validity
  • Application-specific entries in the certificate:
    • CN = common name: domain name FQDN (mandatory)
    • O= organisation (mandatory)
    • C = country (mandatory)
    • L = location (mandatory if there is no ST attribute)
    • ST = canton, federal state (mandatory)
    • SAN (SubjectAlternativeName) domain name same as in the Common name, optional entry with prepending www in case only a certificate with one domain entry was selected. With the option Multi-Domain additional domain or subdomain entries with additional domains or Wildcard entry
    • Further applicant-specific entries are not permitted and are removed from a CSR.


  • All applicable policies for public SwissSign certificates are published on the “Support\Repository” page. The policies specific to this certificate type are listed on the corresponding subpage.


  • You can download the application form directly from the swisssign.com portal during the ordering process. You will find further information on which additional documents (e.g. copies of an ID document) you need to submit online with the signed application form.
  • Language: Please submit your documents in German, English or French. Documents in other languages or composed using non-Latin characters must be translated into one of the three mentioned languages and the translation must be notarised. To this end, organisations based outside the EU and Liechtenstein again also require notarisation based on the Hague Apostille.
  • Should you wish to request several Gold-level certificates, you can use your organisation's or domain owner's authorisations: authorisations​​​​​​​ (PDF, 168 KB)
  • SwissSign should be allowed to issue certificates for your domains according to the DNS entry (CAA policy)