New SwissSign MPKI: What you need to do now
The switch to the new managed MPKI service from SwissSign has been completed. In this blog article, you will learn what you need to do to ensure that SwissSign is still correctly integrated as a certificate provider.
What has changed?
In October 2022, SwissSign released its new Managed PKI solution, which makes issuing digital certificates even easier and more convenient. The new high-performance, scalable and secure infrastructure replaces the previous environment and also enables the use of additional interfaces for automated certificate issuance.
The new MPKI uses a different URL. NoSpamProxy uses this URL automatically once you have re-added SwissSign as a provider for key requests.
If Windows Server 2012 R2 or older is installed on the systems with the NoSpamProxy Gateway Role, a secure TLS connection to SwissSign is no longer possible. Update affected systems to a more current operating system as soon as possible.
How to proceed
To enable certificate requests, proceed as follows:
- Make sure that SwissSign has switched you to the new interface. You can direct any queries to mpki@swisssign.com.
- Make sure that you have received a new RAO certificate.
- Revalidate your own domains via the SwissSign portal.
- Update NoSpamProxy to at least version 14.0.5.39.
- Import the new RAO certificate under Identities > Certificates > Certificate management.
- Create a new provider under Identities > Key enrolment > Key enrolment provider. Carry over the values from the old provider, but select the new RAO certificate.
Requesting certificates manually should now work.
SwissSign Silver customers with an existing MPKI can continue to use their old account name and product name or switch directly to the new information provided by SwissSign. SwissSign Gold customers must switch directly to the new account name and product name information.
Once manual certificate requests work, you must select the new provider for the automatic user import in the respective AD groups.