Code Signing

Code Signing

The certificate for signing software and applications

Distribute secure and trusted software with SwissSign code signing: Who can say that they have never run installation software and received a warning such as "The publisher could not be verified. Are you sure you still want to install the application?" This useful warning is intended to protect trusting users from installing dangerous software.

Thanks to the code signature with the certificate of an official provider, the software is identified as trusted and having integrity (unchanged). This allows you to protect your users from the aforementioned dangers while at the same time helping you to ensure your customers do not lose faith in your services.




  • mastercard
  • VISA
  • PostFinance
  • Rechnung

Product details

  • Term of one, two or three years
  • Managed PKI: Yes, this certificate can also be obtained via Managed PKI.
  • Used to protect JAVA code, programs under Microsoft/Unix/Mac/Mobile, Office macros
  • Not suitable for operating system-related Microsoft driver programs (see information below) and Apple apps
  • Telephone and e-mail support in German, English and French
  • The certificate is issued two days following receipt of all information on the applicant

Please note: The key pair for the code signing certificate has to be created on a hardware security module (FIPS 140-2 level 2). Soft certificates may no longer be used according to the new Microsoft regulations.


Technical details

  • Recognised root CA
  • SHA-2 hash algorithm
  • Encryption of up to 256 bits
  • Key length of up to 2,048 bits
  • Key use: Digital signature, code signature / code signing, Microsoft individual code signing, Microsoft commercial code signing
  • Distribution: All common browsers and platforms. See Compatibility
  • License can be used on an unlimited number of servers.
  • Validation with OCSP and CRL
  • User account for certificate management
  • Revocation service for the revoking of certificates
  • Notification 30 days and 10 days prior to expiry of validity
  • Applicant-specific entries in the certificate:
    • CN=common name: Organisation or name (obligatory)
    • O=organisation (optional if name)
    • OU=organisational unit (optional)
    • C=country (mandatory)
    • L=location (mandatory)
    • ST=canton / federal state (optional)
    • Period of validity
    • Further applicant-specific entries are not permitted and are removed from a CSR



  • All binding guidelines for this certificate type are stipulated in the relevant Certificate Policy and Certification Practice Statement (CP/CPS): SwissSign Gold CP/CPS

Software development

Using a code signing certificate, you sign your programs for various platforms.

This provides you with the following benefits:

  • Trustworthiness: Your software is identified as trusted upon installation.
  • Unlimited number of signatures: With SwissSign code signing, you can sign an unlimited number of applications.
  • Just one certificate for all platforms: With SwissSign code signing, you can sign an unlimited number of applications for all important platforms such as Windows, Android, Java and Mac using a single certificate.
  • Free SwissSign time stamp: With an official time stamp, you ensure that the validity of your signature does not expire.
  • Online validation: SwissSign code signing signatures are validated online in real-time (OCSP).

Please note: Apple requires its own certificate for its apps in the Apple Store. For certain drivers that are very operating system-oriented, Microsoft also only uses EV code signing certificates. The SwissSign code signing certificate is not an EV certificate.

Please submit the following documents by post

  • Original copy of the signed application form. You will receive the application form automatically via e-mail after redeeming the license at
  • Copies (front and reverse) of a passport or identity card (Switzerland, Liechtenstein or EU) belonging to the applicant
  • For public institutions: Excerpt from the Federal State Calendar or other proof of the organisation's existence on request
  • Copies (front and reverse) of a passport or identity card (Switzerland, Liechtenstein or EU) belonging to the authorised signatory(ies) and/or co-signatory(ies) in accordance with the commercial register / Federal State Calendar.
  • Information on type number and manufacturer of the HSM used for key generation. Please submit a photo showing the used HSM with type plate. If you use an HSM service in the cloud (e. g. Microsoft Key Azure Vault), specify the service and contract ID, and copy the parts of the contract showing that you are entitled to use this service. The HSM or HSM service must be certified as FIPS 140-2 level 2 by NIST:



  • For requests outside Switzerland: In order to minimise the time and resources required in connection with unsuccessful requests, please send a scan of the above-mentioned documents to the following address for clarification in advance: You must accept JavaScript in order to view them.
  • Language: Please submit your documents in German, English or French. Documents in other languages or composed using non-Latin characters must be translated into one of the three mentioned languages and the translation must be notarised. To this end, organisations based outside the EU and Liechtenstein again also require notarisation based on the Hague Apostille.

Write Your Own Review

Only registered users can write reviews. Please, log in or register