An e-mail in the digital world is like a postcard in the physical world. It can be intercepted, read and modified, while the sender details can also be changed. With personal certificates, you ensure that
And all this with minimal effort.
In the case of a Silver personal certificate, it is only validated via an automated e-mail whether the email-address in question actually exists. The certificate is therefore available within a matter of seconds or minutes of the order being placed. For those looking for an efficient way of signing and encrypting a certificate, a Sliver certificate suffices.
A Gold personal certificate is subjected to a more stringent check: A copy of an identification document with a written request must be provided. The probability of fraud is lower with a Gold certificate than is the case with a Silver certificate. The Gold quality level is especially recommended when it comes to confidential e-mail communication with customers and business partners. Phishing e-mails are bad for your business and need to be avoided.
A Personal Gold ID certificate with the organisation entry option also identifies the individual as a member of an organisation. For companies, it makes sense to exclusively use this variant. With such a certificate, the existence and business activity of the company is checked. The company in turn confirms that the person in question works for it and can revoke the certificate at any time if the individual leaves the company.
Do you also require the personal certificate in order to ensure a secure login procedure for your systems (authentication)? If so, you definitely require a Personal Gold ID certificate, as the Silver certificate does not offer this function.
With all certificates, it is technically possible to sign PDF documents. However, Adobe only lists hardware-based certificates in its certificate store as trusted certificates. For this reason, it is recommended to use the hardware-based Suisse ID (personal certificate) or the SwissSign organisation certificate for the signing of PDF documents.
Office documents – Word, Excel, etc. – can generally be signed with Silver and Gold certificates, however.
Should you use personal certificates throughout your company, we recommend our Managed PKI service. Here, no individual check of the person and e-mail address is performed. Instead, the company is subjected to a one-time check and is then able to issue certificates for one or more requested e-mail domains and organisations. Furthermore, numerous partner applications are linked to SwissSign via automated interfaces, meaning that the issuing and extension of certificates take place on a fully automated basis without additional administrative work.
Revoked certificates are listed in so called certificate revocation lists. Or they will be published by the online service OCSP which validates online current validity of a certificate. Certificate revocation lists can be downloaded here:
Each SwissSign certificate is signed by a SwissSign intermediate certificate. The SwissSign intermediate certificate is again signed by a SwissSign root certificate. In order to have a trustful certificate it is necessary to install the complete certificate chain e.g. on a web server. All operation systems and browsers have included the SwissSign root certificate but the SwissSign intermediate certificate must be installed. Either it is possible to download the end certificate including the complete certificate chain on swisssign.net or the SwissSign intermediate certificate will be installed later.
You can protect your web sites agains man-in-the-middle attacks. In case of man-in-the-middle attacks an agressor uses the copy of your web site and protects it agains a false certifcate. He manipulates the router and redirects the data targeted for your web site to his own web site. Mostly the agressor listens only to the information and redirects it immediatly to your web site.
This mechanism is complex due to the necessary manipulation of router equipment. Thus it is frequently used by secret services. By use of certificate pinning you can be sure that the visitor of your web site can only call your web site if he finds the certificate you already installed.
Manual certificate-pinning (PDF, 98 KB)
Each SwissSign certificate is signed by a SwissSign intermediate certificate. The SwissSign intermediate certificate is again signed by a SwissSign root certificate. In order to have a trustful certificate it is necessary to install the complete certificate chain e.g. on a web server. All operation systems and browsers have included the SwissSign root certificate but in some special cases it might be necessary to install the root certificate. Either it is possible to download the end certificate including the complete certificate chain on swisssign.net or the SwissSign root certificate will be installed later.
In Ihrem Kundenkonto können Sie nach der Installation Ihres Personenzertifikates das «SwissSign Seal» herunterladen und Ihre E-Mails als «secured by SwissSign» kennzeichnen. Damit visualisieren Sie zusätzlich zum Hinweis im E-Mail-Client, dass Ihnen vertrauliche E-Mail-Kommunikation wichtig ist.
Per e-mail address. As an individual you can obtain various certificates with different e-mail addresses in each case.
Principally you can request a Gold or Silver Personal ID certificate for a team account.
MS Outlook Webmail (OWA) does not support any e-mail certificates according to our current knowledge.
If the company entry is included in a certificate, this has to be approved accordingly by this company. The registration process guarantees that certificates with company entry are issued only if they are also wanted by the corresponding company.
The issuance speed for SwissSign certificates depends on the certificate type and reaches from a few seconds up to 10 business days for certificates, which require an intensive manual verification of the requester, of the organization or of the domain. These deadlines are valid after reception of the registration documents by SwissSign and can be held under the exclusive condition that all documents are correct and complete.
An exception are those certificates with automated issuance, which do not require submission of documents (eg. domain-validated-only SSL). These certificates are usually issued immediately.
Issuance speed for SSL Certificates:
Issuance speed for Personal Certificates:
Issuance speed for Organization Certificates:
These deadlines are standard values and may be subject to extraordinary exceptions (eg. important workload of the registration authority)