1.2. Requirements for using SwissSign Managed PKI web services
Anyone who receives a signed document or logs in to a website is called a ‘relying party’ and must be able to rely on the content of the certificate. They therefore trust the certificate service provider. As a result of this chain of trust, the Managed PKI service customer signs a declaration of acceptance for the registration authority delegation, where the customer is subject to the certificate service provider’s rules and documents their specific responsibility and diligence with respect to handling and issuing certificates. The certificate service provider’s rules are described in detail in the CP/CPS certification policy and practices.
In contrast to the web shop’s certificate products, SwissSign does not individually review each certificate with respect to the subject of the certificate if it meets the registration authority delegation’s guidelines. The permissibility and attributes for the certificate issue are defined in the declaration of acceptance (e.g. approved domains, period of validity for certificates, certificate visibility in the LDAP directory), alongside the duties, verification processes and diligence standards that the registration authority (RA) is required to comply with.