E-Mail ID Gold (OV)
Sign, encrypt and authenticate
Using the E-Mail ID Gold (OV) certificate, you can sign and encrypt your e-mails in a trusted manner with all popular e-mail programs and mail gateways. You can also use it for authentication (login) purposes.
The software-based certificate contains the validated e-mail address, the verified data of the applicant and, in the case of the option with an organisation entry, the checked organisation data.
- Verification of identity: E-mail address and name or pseudonym of the applicant.
- Term of one, two or three years
- Entry of organisation (e.g. company) is possible.
- Software-based, i.e. certificate file
- An unlimited number of copies can be used on laptops, PCs and mobile devices.
- Managed PKI: Yes
- Telephone and e-mail support in German, English and French
- The certificate is issued two days following receipt of all submitted documentation.
- Recognised Root CA
- SHA-2 hash algorithm
- Encryption of up to 256 bits
- Key length of up to 2,048 bits
- Key use: Digital signature, non-repudiation, key encipherment, key agreement, secure e-mail
- Distribution: All common browsers and platforms. See Compatibility
- License can be used on an unlimited number of computers and mobile devices.
- Validation with OCSP and CRL
- User account for certificate management
- Revocation service for the revoking of certificates
- Notification 30 days and 10 days prior to expiry of validity
- Support of directory services (LDAP) for mutual key exchange under the search field at www.swisssign.net or under directory.swisssign.net with the search basis ‹o=SwissSign,c=CH›
- Applicant-specific entries in the certificate:
- CN=common name: First name, last name or pseudonym (mandatory)
- Pseudonym is defined with the prefix ‹pseudo›: and can, for example, be used for general mailbox accounts (e.g. sales). The applicant is responsible for this pseudonym.
- C=country (mandatory)
- E=e-mail address (mandatory)
- ST=canton, federal state (optional)
- O=organisation (mandatory for organisation entry): Please select option "with organisation entry".
- OU=organisational unit (optional for organisation entry): Please select option "with organisation entry".
- Period of validity
- SAN (SubjectAlternativeName) entry contains the e-mail address.
- Further applicant-specific entries are not permitted and are removed from a CSR.
- All applicable policies for public SwissSign certificates are published on the “Support\Repository” page. The policies specific to this certificate type are listed on the corresponding subpage.
Secure e-mail communication with SwissSign e-mail certificates
An e-mail in the digital world is like a postcard in the physical world. It can be intercepted, read and modified, while the sender details can also be changed. With e-mail certificates, you ensure that
- the identity of the sender is confirmed,
- the integrity (authenticity) of the message is guaranteed and
- access by third parties is prevented.
And all this with minimal effort.
E-Mail ID Gold
An E-Mail ID Gold certificate is subjected to a more stringent check: The company must personally know the employee in the context of a managed PKI. The probability of fraud is lower with a Gold certificate than is the case with a Silver certificate. We recommend the Gold quality level when it comes to confidential e-mail communication with customers and business partners. Phishing e-mails are bad for your business and you should avoid them.
An E-Mail ID Gold certificate with the organisation entry option also identifies the individual as a member of an organisation. For companies, it makes sense to use this variant exclusively. With such a certificate, the existence and business activity of the company is checked. The company in turn confirms that the person in question works for it and can revoke the certificate at any time if the individual leaves the company.
Do you also require the e-mail certificate in order to ensure a secure login procedure for your systems (authentication)? If so, you definitely require an e-mail ID Gold certificate, as the Silver certificate does not offer this function.
Signing of documents
With all certificates, it is technically possible to sign PDF documents. However, Adobe only lists hardware-based certificates in its certificate store as trusted certificates. Only if, for example, you install Adobe PDF in your company in such a way that it accesses the Windows certificate store, documents signed with e-mail ID Gold will be shown by Adobe PDF reader as validly signed. For this reason, it is recommended to use the hardware-based Suisse ID (personal certificate) or the SwissSign organisation certificate for the signing of PDF documents.
Office documents – Word, Excel, etc. – can generally be signed with Silver and Gold certificates, however.
E-Mail certificates for companies
We offer the E-Mail ID Gold in context of our Managed PKI certificate service. Here, no individual check of the person and e-mail address is performed. Instead, the company is subjected to a one-time check and is then able to issue certificates for one or more requested e-mail domains and organisations. A company registration authority is then independently responsible for the individual verification of the E-Mail ID Gold certificates. Furthermore, numerous partner applications are linked to SwissSign via automated interfaces, meaning that the issuing and extension of certificates take place on a fully automated basis without additional administrative work.
Please conclude a Managed PKI contract for the purchase of email ID Gold certificates.
Do you have any questions? Visit our FAQ page.