CA hosting service

Outsource your own CA to the certified SwissSign environmentSeal CA Hosting

With CA hosting, SwissSign operates your public key infrastructure (PKI) for you in accordance with your specifications. If you prefer certificates will be issued from your own root certificate (root CA). You obtain and manage your certificates in a simple manner via our Managed PKI interfaces. You benefit from maximum flexibility, low costs and a high level of security by outsourcing your PKI to the secure, certified and specialised SwissSign environment.

You define the scope and parameters of the CA hosting service when placing your order. It is also possible to have your own CP/CPS. Among other things, you determine whether

  • a complete self-signed certification authority (CA) of your own is created,
  • you use an issuing certification authority (sub-CA) or
  • you exclusively obtain individual certificates directly from our internal not publicly trusted SwissSign CA.

You choose whether you only want to use your self-signed certificates internally or you want to use the same Managed PKI interface also for standard publicly trusted SwissSign certificates.

Request offer

 

With CA Hosting, we offer the following standard products. Other products are possible and are set up on a customer-specific basis.

SSL / device certificates

  • Use: Certificates on network-compatible devices for the encrypted exchange of data
  • Characteristics: Entry of domain name or several domain names (multi-domain). The domain names must be FQDN; no internal names or IP addresses. These certificates are also optionally available with a company entry.

E-mail certificates

  • Use: Certificates for signing and encrypting e-mails
  • Characteristics: Issued to e-mail addresses – the certificate can also optionally include a last name, first name and organisation entry.

Authentication certificates

  • Use: Certificates for authentication on systems
  • Characteristics: Contain a user ID or e-mail address, optionally also available with a last name, first name and organisation entry.

Certificates in the Microsoft environment

  • Use: Certificates which require the Microsoft V2 template, for authentication or server operation
  • Characteristics: Contain specific OIDs.
Thanks to the standardised CMC interface, you have access to high-performance partner applications for the auto-enrolment of certificates and for usage in your mail gateway or encryption solution. Your certificates are managed automatically and installed on end devices.

The hosted Managed PKI for self-signed certificates can be combined with certificates which are known to the root certificate store ("root store" or "trusted list") of operating systems and applications and thus classified as trusted.

Customers issue both trusted and self-signed certificates and manage these via a web interface or the CMC interface. Our partners offer products which can manage mixed – internal and external – certificates on an automated basis.

The service for self-signed certificates with root certificates that are not listed by the operating system and application manufacturers is offered as part of a Managed PKI service. You will profit from increasing volume discounts of a Managed PKI and you can always add publicly trusted standard certificates. All certificates are the base for the attractive volume discount. All self-signed certificates can be obtained for the same price independent from its type and properties.

You can purchase directly single self-signed certificates by placing a Managed PKI order. Please use our standard order form (MPKI offer tool) on the Managed PKI web site. In case you prefer to obtain your own issuing CA or even your own root CA you should at least order 10’000 self-signed certificates.

In the last case cost for setup of an own root and issuing CA, an optional OCSP service for validity check and support for drafting a CP/CPS will be added as non-recurring cost to the Managed PKI cost. Please ask in this case for a detailed offer.

For a hosted Managed PKI solution, please contact our Sales & Partner Management team:

E-mail: contracts@swisssign.com
Telephon: +41 44 838 36 00