Add SwissSign RSA TLS Root CA 2022 - 1 and SwissSign RSA SMIME Root CA 2022 - 1
Categories
(CA Program :: CA Certificate Root Program, task, P1)
Tracking
(Not tracked)
People
(Reporter: raffaela.achermann, Assigned: bwilson)
Details
(Whiteboard: [ca-verifying])
Attachments
(7 files)
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
Steps to reproduce:
This is a request for a root inclusion.
We want to replace our existing "SwissSign Gold CA - G2" and “SwissSign Silver CA - G2” with new roots that fulfill the current expectations such as current key material or separation of TLS and S/MIME. These roots are already cross-signed by our current "SwissSign Gold CA - G2" and issues leaf certificates accroding to the current regulations and are part of our yearly audits
The reason for this exchange is that the existing roots are end of life and are based on old key-material (e.g. SHA-1 roots). With the "SwissSign RSA TLS Root CA 2022 - 1" and the "SwissSign RSA SMIME Root CA 2022 - 1" we separate the issuing of TLS and SMIME certificates. The new Roots only issue using SHA2-based signatures.
https://crt.sh/?id=7044154542
CN = SwissSign RSA SMIME Root CA 2022 - 1
O = SwissSign AG
and
https://crt.sh/?id=7044185765
CN = SwissSign RSA TLS Root CA 2022 - 1
O = SwissSign AG
Furthermore, I submit:
• BR Self-Assessment: https://repository.swisssign.com/CCADB_Self_Assessment.xlsx
• Root Certificate Download URL:
TLS: https://www.swisssign.com/dam/jcr:d7bff83f-43e3-4adc-84b2-0b694e84e4d5/SwissSign_RSA_TLS_Root_CA_2022_-_1.pem
SMIME: https://www.swisssign.com/dam/jcr:049189f2-d0e7-4164-a9a4-c0ce4a3eaf77/SwissSign_RSA_SMIME_Root_CA_2022_-_1.pem
• Test websites and testing (see below)
• Sub CA Hierarchy
Overview of test westsides of SwissSign RSA SMIME Root CA 2022 - 1
https://repository.swisssign.com/reference_certs/
Overview of test websites of SwissSign RSA TLS Root CA 2022 - 1
Status RSA TLS DV Certificates (DV) RSA TLS OV Certificates (OV) RSA TLS EV Certificates (EV)
Valid https://dv-rsa-tls-2022-valid-cert-demo.swisssign.com https://ov-rsa-tls-2022-valid-cert-demo.swisssign.com https://ev-rsa-tls-2022-valid-cert-demo.swisssign.com
Expired https://dv-rsa-tls-2022-expired-cert-demo.swisssign.com https://ov-rsa-tls-2022-expired-cert-demo.swisssign.com https://ev-rsa-tls-2022-expired-cert-demo.swisssign.com
Revoked https://dv-rsa-tls-2022-revoked-cert-demo.swisssign.com https://ov-rsa-tls-2022-revoked-cert-demo.swisssign.com https://ev-rsa-tls-2022-revoked-cert-demo.swisssign.com
EV-Policy-OIDs:
OID.2.16.756.1.89.2.1.3 (SwissSign specific)
OID.0.4.0.2042.1.4 (ETSI EVCP)
OID.2.23.140.1.1 (CABF EV)
Links to the TSP-Documents:
Overview: https://www.swisssign.com/support/repository.html
https://repository.swisssign.com/SwissSign_TSPS.pdf
TLS Documents:
https://repository.swisssign.com/SwissSign_CPS_TLS.pdf
https://repository.swisssign.com/SwissSign_CPR_TLS.pdf
https://repository.swisssign.com/SwissSign_CP_DV.pdf
https://repository.swisssign.com/SwissSign_CP_OV.pdf
https://repository.swisssign.com/SwissSign_CP_EV.pdf
S/MIME Documents:
https://repository.swisssign.com/SwissSign_CPS_SMIME.pdf
https://repository.swisssign.com/SwissSign_CPR_SMIME.pdf
https://repository.swisssign.com/SwissSign_CP_LCP.pdf
https://repository.swisssign.com/SwissSign_CP_NCP.pdf
https://repository.swisssign.com/SwissSign_CP_NCP_extended.pdf
Subscriber Agreement:
https://repository.swisssign.com/SubscriberAgreement.pdf
Reporter | ||
Comment 1•11 months ago
|
||
Reporter | ||
Comment 2•11 months ago
|
||
Reporter | ||
Comment 3•11 months ago
|
||
Reporter | ||
Comment 4•11 months ago
|
||
Reporter | ||
Comment 5•11 months ago
|
||
Reporter | ||
Comment 6•11 months ago
|
||
Assignee | ||
Updated•11 months ago
|
Assignee | ||
Updated•9 months ago
|
Assignee | ||
Updated•6 months ago
|
Description
•