Swiss Certificate Authority for SSL/TLS certificates, qualified e-signatures, and digital identity
Review by EuropeanStack EditorialUpdated Verified
SwissSign is a specialist product for a well-defined audience. Swiss Post backing and 25 years of operation make it one of Europe's most stable and trustworthy Certificate Authorities. Its dual ZertES/eIDAS certification for qualified signatures is unique among Swiss providers and genuinely valuable for cross-border Swiss-EU document workflows. SSL/TLS pricing via the webshop is less transparent than global competitors, and the Swiss-only data hosting excludes it from EU-residency requirements. For Swiss enterprises and organisations bridging Swiss and EU legal requirements, SwissSign is the authoritative choice.
SwissSign AG is Switzerland's leading Certificate Authority, wholly owned by Swiss Post since 2021. It issues SSL/TLS certificates (DV Silver, OV Gold, EV Gold) and provides qualified electronic signatures and seals under both Swiss ZertES law and EU eIDAS regulation, the SwissID digital identity platform, timestamping services, and managed PKI solutions for enterprises. Data is held in Switzerland, with European recognition through eIDAS for qualified signature services.
Headquarters
Glattbrugg, Switzerland
Founded
2001
Pricing
EU Data Hosting
No
Employees
51-200
Contact Sales
Contact Sales
Contact Sales
Contact Sales
Contact Sales
Billing: annual, multi-year
In 2001, when most Certificate Authorities were run by American multinationals, a group of Swiss organisations — including Swiss Post, SBB (Swiss Federal Railways), and several cantonal banks — founded SwissSign to give Switzerland its own trusted digital identity infrastructure. That institutional origin shapes everything about SwissSign today: stable, conservative, state-backed, and built for long-term trust rather than volume sales.
SwissSign AG has operated for over two decades as Switzerland's primary Certificate Authority. In 2021, Swiss Post — Switzerland's state-owned postal and telecommunications group — consolidated full ownership of SwissSign, cementing its position as a public-interest digital trust provider. The company now operates from Glattbrugg in the canton of Zurich with a staff of 51 to 200 people, issuing SSL/TLS certificates, qualified electronic signatures, the SwissID national digital identity platform, and managed PKI services for Swiss enterprises and government bodies.
What distinguishes SwissSign from global CAs like DigiCert or Sectigo is its dual legal framework. SwissSign holds certification as a qualified trust service provider under both Swiss ZertES law (the Federal Act on Electronic Signatures) and the EU's eIDAS regulation. Qualified signatures issued by SwissSign carry legal weight equivalent to handwritten signatures across EU member states — a significant advantage for Swiss organisations conducting business across the border.
The SSL/TLS certificate business follows a tiered structure familiar from other CAs: DV (domain-validated) Silver certificates for basic HTTPS, OV (organisation-validated) Gold for business credibility, and EV (extended validation) Gold for the highest assurance level. Wildcard and multi-domain variants are available across tiers.
SwissSign's certificate portfolio covers every common use case for HTTPS encryption and digital trust:
SSL Silver (DV) is the entry tier — domain-validated certificates issued quickly with CHF 10,000 warranty coverage. Suitable for blogs, informational sites, and non-transactional web properties. Single-domain and wildcard variants are available.
SSL Gold (OV) requires organisation validation — SwissSign verifies the legal existence and ownership of the applicant entity. The Gold certificate includes a Trusted Seal (a clickable trust badge) and carries CHF 100,000 warranty coverage. Single-domain, wildcard, and multi-domain variants cover most enterprise deployment patterns.
EV SSL Gold is the highest assurance level. Extended validation requires comprehensive verification of the organisation, including physical address, operational status, and domain authority. EV certificates historically triggered a green address bar in browsers — that visual indicator was removed by major browsers in 2019, but EV certificates retain value for highly regulated sectors (banking, healthcare, government) where the underlying validation depth matters for compliance purposes, not just browser display.
From 9 March 2026, a regulatory change reduced the maximum validity period for TLS/SSL certificates to 198 days — roughly six months. This affects all CAs, not just SwissSign, but it means that annual renewal workflows now require semi-annual renewals. Certificate automation via ACME protocol or SCEP/EST is increasingly important for organisations managing more than a handful of certificates.
Qualified electronic signatures (QES) are the highest legally recognised category of electronic signature under both Swiss ZertES law and EU eIDAS regulation. They carry the same legal force as a handwritten signature for documents subject to Swiss or EU law — courts must accept them as binding without additional verification.
SwissSign issues QES certificates to verified individuals and QES seals to verified organisations. The verification process involves identity proofing against official documents; SwissSign offers integration with SwissID, the Swiss national digital identity, to streamline this process.
The dual ZertES/eIDAS coverage is SwissSign's strongest competitive differentiator in the digital signature space. A Swiss organisation signing contracts with EU counterparties can use a single SwissSign certificate for both Swiss-law documents (ZertES governs) and EU-law documents (eIDAS governs), rather than managing separate certificate relationships with a Swiss CA and an EU trust service provider.
Competitors like DocuSign, HelloSign, or Adobe Sign offer advanced electronic signatures in the EU but do not hold ZertES certification for the Swiss market. Swisscom Trust Services is SwissSign's primary Swiss competitor for qualified signatures.
SwissID is Switzerland's national digital identity platform, operated by SwissSign Group AG (the parent entity). It provides verified digital identities for Swiss citizens and residents, usable for authentication with government services, banking portals, insurance companies, healthcare providers, and an expanding network of commercial partners.
For organisations, SwissID integration enables strong authentication without building identity verification infrastructure from scratch. Users authenticate once through SwissID and can reuse that verified identity across participating services — comparable in concept to the EU's eIDAS national identity schemes, but specific to the Swiss ecosystem.
SwissID has approximately 2.5 million active users in Switzerland, covering a significant share of the digitally active population. Uptake among Swiss financial institutions and public sector bodies is high.
Large organisations issuing hundreds or thousands of certificates — for servers, IoT devices, employees, or customers — need certificate lifecycle management beyond manual webshop purchases. SwissSign's Managed PKI (mPKI) service provides:
Pricing for mPKI is custom and depends on certificate volumes, validation requirements, and support tier. This is the enterprise sales layer of SwissSign's business, and it represents the majority of revenue from large Swiss corporate and public sector clients.
SwissSign's pricing is volume-based and calculated through their online webshop. Individual certificates are priced per unit with discounts for multi-year terms (up to 28% over five years) and volume commitments. Specific per-certificate prices are not listed publicly outside the webshop ordering process.
As reference points from third-party resellers and publicly available information:
The currency is CHF for Swiss clients. EU clients purchasing via the webshop may see EUR pricing.
Managed PKI pricing requires a direct sales conversation. There is no self-serve enterprise tier.
Note: from March 2026, the reduced 198-day maximum certificate validity effectively doubles renewal frequency for all SSL/TLS certificates. Factor this operational cost into your total cost of ownership calculations.
SwissSign is a Swiss company headquartered in Glattbrugg, Switzerland. All certificate issuance, identity verification, and data storage operations occur in Swiss data centres — not in the EU or EEA.
This distinction matters precisely because of what SwissSign sells. Certificate data, identity verification records, and private key operations remain under Swiss law — specifically the Swiss FADP — rather than GDPR. Switzerland benefits from an EU adequacy decision under Article 45 GDPR, meaning data can flow from EU entities to SwissSign lawfully, but Swiss law governs that data once held there.
For EU-regulated organisations with data-residency requirements specifying EU/EEA infrastructure, SwissSign's Swiss hosting may not satisfy the letter of those requirements for the data processed during certificate management. The actual TLS encryption SwissSign certificates enable operates on the customer's own infrastructure — so the customer's web traffic is not sent to SwissSign.
Where SwissSign's EU position is clear and valuable: eIDAS recognition. SwissSign is a qualified trust service provider listed on the EU Trusted List (EUTL), which means qualified electronic signatures it issues are accepted as legally equivalent to handwritten signatures across all EU member states. This is concrete EU legal recognition — not just a claim — and it makes SwissSign one of a small number of Swiss providers with genuine cross-border legal utility in Europe.
For Swiss organisations operating under ZertES, SwissSign is the incumbent provider with the deepest integration into Swiss government and regulatory infrastructure.
Swiss organisations seeking a domestic CA with strong public-sector trust, ZertES certification, and SwissID integration. SwissSign is the natural choice for Swiss public bodies, regulated financial institutions, and any entity where Swiss legal compliance is the primary requirement.
Organisations needing dual ZertES/eIDAS coverage for signing documents under both Swiss and EU law. A single SwissSign certificate covers both frameworks — no competitor offers this combination from a Swiss-based provider.
Enterprises managing large certificate volumes through Managed PKI get Swiss-hosted lifecycle management with API automation and dedicated account support.
EU-only organisations without Swiss operations will find DigiCert, Sectigo, or a European CA (like D-Trust in Germany, or Certigna in France) a more natural fit — deeper EU ecosystem integration, competitive pricing, and EU data residency without the Swiss jurisdiction nuance.
Startups or small businesses needing basic HTTPS encryption may find the webshop's volume-based pricing model and the lack of flat-rate public pricing frustrating. Let's Encrypt provides free DV certificates; commercial CAs like Sectigo or Comodo offer transparent flat-rate pricing for single-domain and wildcard certs. SwissSign's SSL Silver is not the obvious choice unless Swiss jurisdiction or the Trusted Seal matters to your specific audience.
SwissSign is a specialist product for a well-defined audience. Swiss Post backing and 25 years of operation make it one of Europe's most stable and trustworthy Certificate Authorities. Its dual ZertES/eIDAS certification for qualified signatures is unique among Swiss providers and genuinely valuable for cross-border Swiss-EU document workflows. SSL/TLS pricing via the webshop is less transparent than global competitors, and the Swiss-only data hosting excludes it from EU-residency requirements. For Swiss enterprises and organisations bridging Swiss and EU legal requirements, SwissSign is the authoritative choice.
Yes. SwissSign is a WebTrust-audited Certificate Authority. Its root certificates are included in the browser trust stores of Mozilla Firefox, Apple Safari, Microsoft Edge, and Google Chrome. Certificates issued by SwissSign are automatically trusted by all major browsers without any additional configuration.
ZertES (Federal Act on Electronic Signatures) is Swiss law governing electronic signatures for documents subject to Swiss jurisdiction. eIDAS (EU Regulation 910/2014) is the equivalent EU framework. SwissSign holds certification under both, so a qualified signature from SwissSign is legally valid for Swiss-law documents (ZertES) and EU-law documents (eIDAS). Most other Swiss CAs hold only ZertES certification.
Swiss Post has fully owned SwissSign AG since 2021. Swiss Post is a state-owned corporation established by federal law — it cannot be acquired, taken private, or shut down without an act of the Swiss Federal Council. This is arguably the most stable possible ownership structure for a Certificate Authority, where longevity and trustworthiness are prerequisites.
Let's Encrypt provides free, automated DV (domain-validated) certificates for basic HTTPS encryption. It offers no OV/EV validation, no warranty, no organisational identity verification, and no Trusted Seal. SwissSign's Silver (DV) certificates compete at the same validation level but cost money — the value-add is Swiss jurisdiction, the warranty, and the ability to upgrade to OV or EV within the same vendor relationship. For basic HTTPS on non-commercial sites, Let's Encrypt is the better choice. For organisations where CA identity and warranty matter, SwissSign's OV/EV tiers are appropriate.
No — the 198-day maximum TLS certificate validity became industry-wide from March 2026, mandated by the CA/Browser Forum. All Certificate Authorities, including DigiCert, Sectigo, and Let's Encrypt, must comply. The practical effect is that semi-annual renewal (or automation via ACME/SCEP) is now required for all TLS certificates regardless of CA. SwissSign supports ACME protocol for automated renewal.
Italian certificate authority providing SSL/TLS, S/MIME, and qualified digital certificates
Norwegian certificate authority offering free and commercial SSL/TLS certificates
Alternative to Digicert, Lets Encrypt
Polish certificate authority providing affordable SSL, code signing, and qualified certificates
No-bullshit domain registration and DNS hosting since 1999
Alternative to Cloudflare