• Information

SwissSign revokes S/MIME certificates – What NoSpamProxy customers need to know

The certification authority SwissSign is revoking a large number of S/MIME Silver certificates. Customers who use NoSpamProxy in conjunction with SwissSign Managed PKI (MPKI) may be affected. There is no security risk for emails or encrypted content. Nevertheless, affected customers should take immediate action.

21.04.2026|Last edited:21.04.2026

What happened?

During an external audit, SwissSign was made aware of a discrepancy in its own Certificate Policy Statement (CPR). It was found that the affected certificates do indeed comply with the S/MIME Baseline Requirements, particularly regarding the use of the commonName field to store the email address (Mailbox Address). The discrepancy relates exclusively to a different wording in the CPR, which additionally required first and last names for S/MIME Silver certificates.

The error therefore affects only the documentation, not the certificates themselves. Nevertheless, the CA/Browser Forum guidelines require SwissSign to revoke all affected certificates within 120 hours.

Important: There is no security risk for emails or encrypted content. The revocation is purely a formal compliance measure; it does not constitute an attack or a compromise.

Which certificates are affected?

All “SwissSign Personal S/MIME E-Mail ID Silver” digital email certificates issued between July 15, 2025 (12:00 a.m.) and April 17, 2026 (5:00 p.m.).

What happens if you don’t take action?

SwissSign will automatically revoke all affected certificates on April 22, 2026, at 3:00 p.m. CET. After that, emails signed with these certificates may be flagged as invalid or untrustworthy by recipients. Email encryption based on these certificates will also no longer be possible.

What should NoSpamProxy customers do?

  1. Check whether your NoSpamProxy configuration includes a connection to the SwissSign Managed PKI.
  2. Identify all affected S/MIME certificates based on their issuance period (July 15, 2025, to April 17, 2026).
  3. Request replacement certificates via the SwissSign MPKI. The product itself remains available as usual; the error in the documentation has already been corrected.
  4. Install and activate the new certificates in NoSpamProxy before April 22, 2026, at 3:00 p.m. CET.
  5. If necessary, notify communication partners whose systems have the old certificates stored in their truststore.

Further information

SwissSign has notified affected customers via email. The official compliance report can be found in Mozilla’s Bugtracker Bugzilla.

ZIP bombs: big trouble in a small packageZIP-Bomben: erst klein, dann gemein 1200x627Why IT service providers use NoSpamProxy to strategically strengthen their ...