How does the initial setup of a seal certificate with the Signing Service work?

When setting up electronic seals, the provider of the signing application needs to provide Swisscom with the declaration of acceptance and configuration and an additional certificate application for the sealing certificate (so-called organizational certificate). The sealing certificate needs to be issued for three years. An authorized person of the organization has to sign the certificate application. The person's authorization can result from commercial registers (e.g., procuration) or a limited power of attorney. Swisscom needs proof of this power of attorney. 

In the next step, the authorized person is identified and registered for the electronic signature, either through our Smart Registration Service or by a registration authority agent (short: RA agent) of Swisscom using the RA app. Afterward, Swisscom invites the authorized person to sign the certificate application electronically. The following steps differ depending on the type of electronic seal:

  • Advanced electronic seal: the operator of the signing application sends Swisscom a Secure Sockets Layer (short: SSL) certificate that they want to use as the access certificate for the interface to the seal.
  • Qualified/regulated electronic seal: the signing application provider arranges a fixed date with Swisscom to create a private key together. The private key must be generated on a cryptographic device with FIPS 140-2 level 2 qualification or similar (e.g., Yubikey, Feitian Key, Key Vault HSM Microsoft, etc.). Based on this key, an access certificate is created. This type of certificate authorizes access to the signing or sealing process. As an alternative, customers of Swisscom Trust Services can submit an implementation concept if they would like to assign the access certificate to the person responsible for the organization in a different, compliant way.