The SwissSign organisation certificate is a non-personal certificate. It is exclusively issued to organisations (companies and authorities).
With the SwissSign organisation certificate, you can sign electronic invoices and archive documents in a GeBüV-compliant manner. This certificate complies with the Federal Department of Finance's Ordinance on Electronic Data and Information (EIDI-V) and the Company Accounts Decree (OElDI).
Revoked certificates are listed in so called certificate revocation lists. Or they will be published by the online service OCSP which validates online current validity of a certificate. Certificate revocation lists can be downloaded here:
Each SwissSign certificate is signed by a SwissSign intermediate certificate. The SwissSign intermediate certificate is again signed by a SwissSign root certificate. In order to have a trustful certificate it is necessary to install the complete certificate chain e.g. on a web server. All operation systems and browsers have included the SwissSign root certificate but the SwissSign intermediate certificate must be installed. Either it is possible to download the end certificate including the complete certificate chain on swisssign.net or the SwissSign intermediate certificate will be installed later.
Each SwissSign certificate is signed by a SwissSign intermediate certificate. The SwissSign intermediate certificate is again signed by a SwissSign root certificate. In order to have a trustful certificate it is necessary to install the complete certificate chain e.g. on a web server. All operation systems and browsers have included the SwissSign root certificate but in some special cases it might be necessary to install the root certificate. Either it is possible to download the end certificate including the complete certificate chain on swisssign.net or the SwissSign root certificate will be installed later.
The certificate does not contain the name of the requesting person but only the name of the organization and, if necessary, specifying information such as the branch or department, country of the headquarters of the organization or information on the town or canton.
In terms of quality there is no difference – both are non-personal certificates of Platinum level. They differ only in the performance and the storage device. The organization certificate for HSM can also be ordered for a validity period of up to 5 years, the organization certificate as a smart card only for up to 3 years.
The performance of the smart card is around one signature per second (up to 3,500 signatures per hour). Storage device: smart card or USB token (included in delivery). Use in the hardware security module (HSM) enables very high performance and high availability over many years.
A hardware security module (HSM)/cryptographic module is a hardware unit in which secret keys can be protected against unauthorized access, generated, stored and used.
The issuance speed for SwissSign certificates depends on the certificate type and reaches from a few seconds up to 10 business days for certificates, which require an intensive manual verification of the requester, of the organization or of the domain. These deadlines are valid after reception of the registration documents by SwissSign and can be held under the exclusive condition that all documents are correct and complete.
An exception are those certificates with automated issuance, which do not require submission of documents (eg. domain-validated-only SSL). These certificates are usually issued immediately.
Issuance speed for SSL Certificates:
Issuance speed for Personal Certificates:
Issuance speed for Organization Certificates:
These deadlines are standard values and may be subject to extraordinary exceptions (eg. important workload of the registration authority)
The company accounts decree (GebüV) contains the following passages:
Art. 2 Principles of correct bookkeeping and storage of accounts
If the account books are kept and stored electronically or in a comparable way and the vouchers are collected and stored electronically or in a comparable way, then the principles of correct data processing must be observed.
Art. 3 Integrity (authenticity and protection against falsification)
The account books must be kept and stored and the vouchers collected and stored in such a way that they cannot be changed without this being detected.
The essential requirements of are therefore proof of the integrity and the origin of the document. OelDI, however, stipulates that a digital signature with an advanced, hardware-based certificate is necessary in this case.
The SwissSign organisation certificate meets the requirements of the Ordinance of the Swiss Federal Department of Finance on Electronic Data and Information (OelDI) and the technical and administrative regulations (TAV) for CAs with regard to the issue of certificates based on advanced signatures.
This means that when signing electronic invoices and archiving documents according to GebüV with this OelDI-compliant certificate and qualified time stamp, this is legally compliant and audit-proof, in particular also when it is a matter of documents relevant for VAT.
Further information: www.estv.admin.ch
Since the Organization Certificate is accepted by PDF reader (Adobe) it could be beneficial for everybody to proof the non-repudiation and integrity of a document. In this way the organization certificate can also be used by a foreign organization to show to their communication partner that the document (PDF) was not changed after signature.
But you must be aware that this does not include automatically the conformity to OElDI (Swiss law concerning the handling of VAT documents) for foreign organizations. If foreign organizations want to use the Organization Certificate to be compliant with OElDI (because they deal with Swiss relevant VAT documents) they should first consult the law situation in Switzerland. Some points must be considered (not exhaustive list):
A third party (OElDI 9) must be registered in the Swiss trade registry.
Prerequisites of data storage and unlimited access to the data from Switzerland (OElDI 10)
Electronic invoices have to be digitally signed according to the Swiss Tax Administration ESTV. See here for the reasons. Here SwissSign offers the product Platinum organisation certificate on a smart card.
Example of a VAT-compliant digitally signed invoice (PDF, 532 KB)