Root signing service

Root Signing Service


Do you operate your own CA? Do you offer certificates internally or to your customers and partners? Would you like your certificates to be accepted as trusted by browsers, e-mail programs and operating systems?

If so, Root Signing is a possible solution for you. With Root Signing, your certification authority (CA) will be signed by the SwissSign CA, which is recognised as trusted worldwide. This allows you and your customers to benefit from the faith placed in SwissSign and your certificates will be automatically classified as trusted.

Root Signing requires the following:

  • Fulfilment of the baseline requirements of the CA/Browser Form
  • Annual certification through a qualified auditor in accordance with the ETSI or WebTrust guidelines
  • Compliance with the contractual terms aimed at minimising the risk of the erroneous issuing of certificates
  • Assumption of liability in the event that provisions are breached

As an alternative to Root Signing, we recommend Managed PKI. Here, the CA and responsibility for the issuing of certificates remain with SwissSign. Nevertheless, you are hardly affected as regards the names and certificate types used. Make use of our partner tools, which replicate the Microsoft CA and automatically acquire certificates from the SwissSign Managed PKI. Or use our standardised CMC interface to automatically procure certificates from your application. This allows you to benefit from a high level of flexibility while enjoying lowers costs and considerably less risk!

Compare Root Signing and Managed PKI.

Regardless of which option you are considering – we will work together with you to find the best solution. Get in touch with us! Please contact our Sales & Partner Management team via e-mail at or by calling +41 848 77 66 55.


Request offer