SwissSign

NOTE: SwissSign now offers a new MPKI that uses a different URL. NoSpamProxy automatically uses this URL after you have added SwissSign again as a provider for key requests. Current MPKI certificates cannot be imported directly into Windows Server 2016 or older due to the encryption method used. To do this, the private keys must be re-exported using simpler algorithms.

1. Go to Identities > Key enrolment > Key enrolment provider.
2. Click Add and select SwissSign as the provider.
   
3. Select the operator certificate.
4. Enter the account name and the product name as well as the product type and validity.
   

   NOTE: For the account name and for the product, please use the data that you have received from SwissSign. Note that these dates may differ from old information.

   
   
5. Click Next.
6. Enter a prefix if you want to request a pseudonymised certificate. Alternatively, select one of the default values pseudonym or pseudo.
7. Determine whether you want to publish your key to Open Keys. See Using Open Keys.
8. Click Finish.

SwissSign products supported by NoSpamProxy

NoSpamProxy currently supports the following products:

• SwissSign Silver LCP

• SwissSign Gold NCP

• SwissSign Gold NCP Extended

Notes on SwissSign Gold products

NOTE: If certificates are to be requested for general or system mailboxes, a pseudo: must be inserted before the display name (general name/Common Name/CN). This cannot be automated by NoSpamProxy, so this information comes from Active Directory or LDAP. This information should be provided at the beginning and ideally as a first name. To submit the correct order in the CN, use NoSpamProxy version 13.2.21111.1701 or higher

NOTE: From version 15.5, you must create a separate AD group for system mailboxes, for example info@example.com or and support@example.com. Under Automatic key enrolment in the group settings, you must then select the option Use pseudonym prefix for requests. See Automating the user import.