PKI certificates

Brief summary

The PKI certificates project ensures a centralised allocation and administration of certificates issued by the FCA and, in particular, offers a solution for the automated renewal of expired certificates.

Status and outlook

The PKI certificates project is currently in the implementation phase with agile management. The existing Public Key Infrastructure (PKI) of the Federal Office of Information Technology (FOIT) is geared to the security requirements of the FCA. For this purpose, the required security levels of the DaziT projects were assessed and implemented. At the end of 2019, an interim solution will be available to standardise the process for renewing certificates. All FCA specialist applications that are renewed or newly developed within the framework of the DaziT programme can build on this from 2020.
In a second step, a tool that automates the administration, issuance and renewal of certificates will be evaluated.

Object and purpose

Secure handling of highly sensitive data is indispensable for EZV business transactions. Digital certificates are used to protect data from falsification and to meet other security requirements. A digital certificate is a type of digitally encrypted signature. A specific IT infrastructure, a Public Key Infrastructure (PKI), is required for certificates to be issued, distributed and verified.

The FCA is not developing a new PKI of its own, but instead uses the existing internal federal FOITT-PKI which it is designing together with the FOITT in accordance with its requirements. Specific software for certificate management is also made available, which automatically notifies application owners before a certificate expires and issues replacement certificates as required. Simplified certificate management is thus introduced for the entire life cycle of a certificate. 

Questions and answers (FAQ)

https://www.ezv.admin.ch/content/ezv/en/home/topics/projects/dazit/aktueller-stand-der-arbeiten/zertifikate-pki.html