A data security specialist by Swiss Post


5.1. Guide for adding domains to the Managed PKI setup

As the access manager, you can request new main domains for the Managed PKI and have them checked automatically as part of the procedure approved by the CA Browser Forum. To do so, log in to the certificate platform ra.swisssign.net with your access certificate.

Once logged into swisssign.net, you’ll see this image on the left. 

Make sure that you are logged in with the correct access certificate (in yellow here). For personal certificates, this would be MPKI-RAO <Your name>. For certificates used with a CMC interface, this would be <Auto-RAO>.

First, click on ‘Manage domain’ under ‘MPKI domain verification’. 

It should be noted that validation for email and SSL domains has to be carried out separately. Select the RA and continue by clicking ‘Next’. 

To generate a random value and start the 30-day validation process, please enter your domain in the domain field and start the process. 

The system generates a random value for each domain. Insert this value in a TXT entry in the DNS of the domain to be checked: swisssign-check=<random value>.

The system automatically checks the entry. The check must be successfully completed within 30 days. After a successful check has been carried out, the domain is added to your Managed PKI and you can use the domain as soon as it is entered in the list under ‘Domains’.
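Before the automatic check runs, you can confirm that the TXT entry is visible in public DNS. The following is an added example, not SwissSign tooling: it classifies the output of `dig +short TXT <your domain>` against the random value shown on the platform. It assumes the entry is published on the domain name itself; the sample output and random value are constructed.

```python
import re

PREFIX = "swisssign-check="  # entry format given in this guide

def txt_strings(dig_line):
    """Join the quoted character-strings of one `dig +short TXT` line.

    DNS splits long TXT data into several quoted strings; resolvers
    concatenate them without separators, so we do the same here.
    """
    parts = re.findall(r'"((?:[^"\\]|\\.)*)"', dig_line)
    if not parts:                       # tool printed the value unquoted
        return dig_line.strip()
    # Undo simple backslash escapes such as \" inside a string.
    return "".join(re.sub(r"\\(.)", r"\1", p) for p in parts)

def check_domain(dig_output, expected):
    """Return (status, values): status is 'ok', 'mismatch' or 'missing'."""
    found = []
    for line in dig_output.splitlines():
        value = txt_strings(line)
        if value.startswith(PREFIX):
            found.append(value[len(PREFIX):])
    if not found:
        return "missing", found         # entry not published or not propagated
    if expected in found:
        return "ok", found
    return "mismatch", found            # stale or mistyped random value

# Constructed sample: an unrelated SPF entry plus the check entry,
# split into two character-strings as some DNS providers store it.
SAMPLE = (
    '"v=spf1 include:_spf.example.net -all"\n'
    '"swisssign-check=" "CONSTRUCTED-RANDOM-VALUE-123"\n'
)

if __name__ == "__main__":
    status, values = check_domain(SAMPLE, "CONSTRUCTED-RANDOM-VALUE-123")
    print(status, values)
```

A result of `mismatch` usually means an entry from an earlier validation attempt is still published; `missing` means the entry has not reached the name servers being queried.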

You will be able to see from the status message whether the automatic check was successful or whether there were, for example, problems with the firewall and accessibility. Any problem reports and times for the last check may help you and SwissSign Support with any accessibility problems.

You can find more about this via Create certificate MPKI