EV SSL Gold Single-Domain
Validation level: Extended validation
Number of domains: One
Protection with and without 'www' is included.
Please note: SwissSign must implement a new standard for e-mail certificates, the S/MIME BRG. As a consequence, SwissSign will have to generate the password to protect your key in case of provider-side key generation. In addition, the message confirming possession of the e-mail address is now only valid for 24 hours. The new requirements were implemented on 24 July 2023.
- Verification of identity (Extended Validation EV) of domain, applicant and organisation
- Issue time within 5 to 10 working days after application
- Duration: 1 year
- License can be used on an unlimited number of servers
- Warranty 100’000 CHF
- Full reimbursement within 30 days of issue
- Internationalised domain name (IDN) possible
- The certificate can also be obtained via Managed PKI
- Telephone and e-mail support in English, German and French
- After the Sale of the certificate the SwissSign seal is provided in the customer login
With multi-year certificates, you will benefit from attractive discounts. However, the validation and request for the certificate must be made annually despite the multi-year term.
- You find a list of countries and company registries for which we currently issue EV Certificates here. If your organisation is registered in another country, we are happy to process your application as well. However, we ask for your understanding that the above mentioned processing time of 5 to 10 working days cannot always be met in this case.
- Wildcard entries are not possible in the SSL Gold EV Certificate. For Wildcard entries we recommend our SSL Gold Certificate.
- For orders with multiple domains (Multi-Domain) the free of charge protection of domains with and without “www” is not included. Please define your domain entries one by one.
- Recognised root CA
- Signature algorithm sha256WithRSA
- Public Key following RSA (Rivest, Shamir, Adleman) is authorized, requirements:
- RSA key length 2048, 3072 or 4098 Bit
- Asymmetric key exchange with modern "Perfect Forward Secrecy"
- Legacy RSA encryption is also possible
- Compatible with all symmetric encryption algorithms for SSL/TLS with key length up to 256 Bit
- Key use: Digital signature, key encipherment, client authentication, server authentication
- Distribution on all common browsers and platforms. See Compatibility
- DNS CAA policies will be followed before authorization of the request
- Validation with OCSP and CRL
- OCSP stapling should be configured on the web server
- User account for certificate management
- Revocation service for the revoking of certificates
- Notification 30 days and 10 days prior to expiry of validity
- Application-specific entries in the certificate:
- CN = common name: domain name FQDN (mandatory)
- O= organisation (mandatory)
- C = country (mandatory)
- L = location (mandatory if there is no ST attribute)
- ST = canton, federal state (mandatory)
- Street address (optional)
- Postcode (optional)
- Business Category (mandatory)
- Country of registration (mandatory)
- State of registration (optional, mandatory in case the jurisdiction of incorporation works on state level)
- Locality of registration (optional, mandatory in case the jurisdiction of incorporation works on locality level)
- Serial or registry number (e.g. trade registry number, mandatory)
- SAN (SubjectAlternativeName) domain name same as in the Common name, optional entry with prepending www in case the certificate is selected with only one domain. With the option multi-domain additional domain or subdomain entries with additional domains. Wildcard entries are not permitted.
- Further applicant-specific entries are not permitted and are removed from a CSR.
- All applicable policies for public SwissSign certificates are published on the “Support\Repository” page. The policies specific to this certificate type are listed on the corresponding subpage.
Please submit the following documents by post
- Original copy of the signed application form. You will receive this automatically via e-mail after redeeming the license at www.swisssign.net.
- Copies (front and reverse) of a passport or identity card (Switzerland, Liechtenstein or EU) belonging to the applicant
- For public institutions: Excerpt from the Federal State Calendar or other proof of the organisation's existence on request
- Copies (front and reverse) of a passport or identity card (Switzerland, Liechtenstein or EU) belonging to the authorised signatory(ies) and/or co-signatory(ies) in accordance with the commercial register / Federal State Calendar.
In order to obtain a SSL Gold EV certificate you have to choose the right business category in your certificate request:
- «Private Organization»: The entity’s legal existence is created or recognized by a by a filing with (or an act of) the Incorporating or Registration Agency in its Jurisdiction of Incorporation or Registration (e.g., by issuance of a certificate of incorporation, registration number, etc.) or created or recognized by a Government Agency (e.g. under a charter, treaty, convention, or equivalent recognition instrument); Examples: An incorporation listed in the trade registry or an association listed in the association registry.
- «Government Entity»: The entity’s legal existence was established by the political subdivision in which the entity operates. It could be typically the parliament, a ministry, a state agency or a city.
- «Non Commercial Entity»: The Applicant is an International Organization Entity, created under a charter, treaty, convention or equivalent instrument that was signed by, or on behalf of, more than one country's government. E.g. Unicef, WHO.
- «Business Entity»: Any entity that is not a Private Organization, Government Entity, or Non-Commercial Entity as defined herein. Examples include, but are not limited to, general partnerships, unincorporated associations, sole proprietorships, etc. In case of an SSL EV certificate the principal individual of this entity has to show up personally at a notary or SwissSign.
Please note the following for the registry number and fields for the jurisdiction of incorporation:
In case of a «Private Organization» you shall enter your registry number as serial number. As far the jurisdiction of incorporation operates on a local level all three certificate fields (locality, province/state, country) should be filled in. In case a jurisdiction of incorporation or registration agency operates on province/state level you shall leave the locality entry empty. In case a jurisdiction of incorporation or registration agency operates on country level only the country field should be filled in.
- For requests within Switzerland: Please note that the use of the new business identification number (UID) is mandatory upon entering the commercial register data of a company domiciled in Switzerland. Old commercial register numbers beginning with CH instead of CHE are no longer permitted. See tab FAQ.
- For requests outside Switzerland: In order to minimise the time and resources required in connection with unsuccessful requests, please send a scan of the above-mentioned documents to the following address for clarification in advance: [email protected].
- Language: Please submit your documents in German, English or French. Documents in other languages or composed using non-Latin characters must be translated into one of the three mentioned languages and the translation must be notarised. To this end, organisations based outside the EU and Liechtenstein again also require notarisation based on the Hague Apostille.
- Young companies: Companies which have not yet been on the market for three years are required to provide confirmation of their business activities through their principal bank or a trustee.
- Should you wish to request several Gold-level certificates, you can use your organisation's or domain owner's authorisations: authorisations (PDF, 168 KB)
- SwissSign should be allowed to issue certificates for your domains according to the DNS entry (CAA policy)