The PKI certificates project ensures centralised allocation and administration of certificates issued by the FCA and, in particular, offers a solution for the automated renewal of expired certificates.
Status and outlook
The PKI certificates project is currently in the implementation phase. The existing Public Key Infrastructure (PKI) of the Federal Office of Information Technology (FOITT) is geared to the security requirements of the FCA. For this purpose, the required security levels of the DaziT projects are assessed and implemented. Last but not least, suitable software to enable automated renewal of certificates is also evaluated. The project is managed in an agile manner.
According to the plan, the new PKI will be available at the end of 2019. All FCA specialist applications that are renewed or newly developed within the framework of the DaziT programme can then build on this.
Object and purpose
Secure handling of highly sensitive data is indispensable for FCA business transactions. Digital certificates are used to protect data from falsification and to meet other security requirements. A digital certificate is a type of digitally encrypted signature. A specific IT infrastructure, a Public Key Infrastructure (PKI), is required for certificates to be issued, distributed and verified.
The FCA is not developing a new PKI of its own, but instead uses the existing internal federal FOITT-PKI which it is designing together with the FOITT in accordance with its requirements. Specific software for certificate management is also made available, which automatically notifies application owners before a certificate expires and issues replacement certificates as required. Simplified certificate management is thus introduced for the entire life cycle of a certificate.
Areas of application that are still open today are also to be regulated. Examples of such areas of application are machine certificates (certificates for computers, servers and devices) or applications supplied by external suppliers and operated on behalf of the FCA.