Public Discussion of SwissSign CA Inclusion Request

547 views
Skip to first unread message

Ben Wilson

unread,
May 5, 2025, 9:39:39 AMMay 5
to public

All,


This email commences a six-week public discussion of SwissSign’s request to include the following certificates as publicly trusted root certificates in one or more CCADB Root Store’s program. This discussion period is scheduled to close on June 16, 2025.


The purpose of this public discussion process is to promote openness and transparency. However, each Root Store makes its inclusion decisions independently, on its own timelines, and based on its own inclusion criteria. Successful completion of this public discussion process does not guarantee any favorable action by any root store.  


Anyone with concerns or questions is urged to raise them on this CCADB Public list by replying directly in this discussion thread. Likewise, a representative of SwissSign must promptly respond directly in the discussion thread to all questions that are posted.

CCADB Case Number: 00001460

Organization Background Information (listed in CCADB):

Certificates Requesting Inclusion:


  1. SwissSign RSA SMIME Root CA 2022 - 1:


  1. SwissSign RSA TLS Root CA 2022 - 1:

Existing Publicly Trusted Root CAs from SwissSign:

  1. SwissSign Gold CA - G2:

    • Certificate download links: (CA Repository / crt.sh)

    • SHA-256 Certificate Fingerprint: 62DD0BE9B9F50A163EA0F8E75C053B1ECA57EA55C8688F647C6881F2C8357B95

    • Trust Bits/EKUs: 

  • Server Authentication (TLS) 1.3.6.1.5.5.7.3.1

  • Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4

  • Client Authentication 1.3.6.1.5.5.7.3.2

  • Certificate corpus: (legacy Censys Search login required) (new Censys Platform login required and free accounts may be limited)

  • Included in: Apple, Google, Microsoft, Mozilla

  1. SwissSign Silver CA - G2:

    • Certificate download links: (CA Repository / crt.sh)

    • SHA-256 Certificate Fingerprint: BE6C4DA2BBB9BA59B6F3939768374246C3C005993FA98F020D1DEDBED48A81D5

    • Trust Bits/EKUs: 

      • Server Authentication (TLS) 1.3.6.1.5.5.7.3.1

      • Secure Email (S/MIME) 1.3.6.1.5.5.7.3.4

      • Client Authentication 1.3.6.1.5.5.7.3.2

    • Certificate corpus: (legacy Censys Search login required) (new Censys Platform login required and free accounts may be limited)

    • Included in: Apple, Microsoft

Relevant Policy and Practices Documentation:

Most Recent Self-Assessment:

Audit Statements:

Incident Summary (Bugzilla incidents from previous 24 months):


Thank you,


Ben, on behalf of the CCADB Steering Committee


Ben Wilson

unread,
Jun 17, 2025, 10:59:43 AMJun 17
to CCADB Public

Greetings all,

On May 5, 2025, we began a six-week, public discussion on the request from SwissSign for inclusion of two root certificate(s):

    SwissSign RSA SMIME Root CA 2022 – 1 (S/MIME)  

    SwissSign RSA TLS Root CA 2022 – 1 (TLS)

The public discussion period has now ended.

We did not receive any objections or other questions or comments in opposition to SwissSign’s request. We thank the community for its review and consideration during this period. Root Store Programs will make final inclusion decisions independently, on their own timelines, and based on each Root Store Member’s inclusion criteria. Further discussion may take place in the independently managed Root Store community forums (e.g., m-d-s-p).

Sincerely yours,

Ben Wilson, 

on behalf of the CCADB Steering Committee



Reply all
Reply to author
Forward
0 new messages