SuisseID Digital Passport and Signature


This guide is for system and network administrators who need to support the Post SuisseID digital identification on Mac OS X. It describes the components contained in the Post SuisseID Software package and details the changes made during the installation.

Overview

This guide is based on the Post SuisseID Software 3.4 for Mac, which can be downloaded from http://postsuisseid.ch/setup. The installer contains a number of packages bundled as a Mach-O executable built with IceBerg and delivered in DMG format. The software contains the following components:

| Component | Use |
|---|---|
| TokenD module | Enables Mac OS X applications such as Safari and Mail to use Post SuisseID. |
| PKCS#11 Module | Enables Mozilla / PKCS11 applications to access Post SuisseID. |
| Post SuisseID Assistant | Utility to initialize, change PIN/password and extend the expiry date of the Post SuisseID. |
| Uninstaller | An executable that performs the removal of the Post SuisseID software and settings. |

The installation routine requires administrative access to make the necessary changes to the system. If issues occur during installation, use the Console application to view the installation log (/var/log/install.log).

After removing the Post SuisseID software, the uninstaller displays any messages in TextEdit. NOTE: the uninstall program is not installed. You can keep the DMG file or copy the uninstall program to a folder such as /Applications.

Options

A number of options can be used to customize the installation:

| Option | Use | Default value |
|---|---|---|
| TokenD | Installs the relevant (OS X 10.5 or 10.6) tokend module to /System/Library/Security/tokend/scInterface.tokend | enabled |
| PKCS#11 | Installs the relevant PKCS#11 module to /usr/local/lib/cvP11.dylib and registers it with all Mozilla Firefox and Thunderbird profiles. | enabled |
| Post SuisseID Assistant | Program required to change the PIN/Password and initialize the Post SuisseID before first use. During an interactive installation the program is launched automatically at the end of the install. See section below for more information on the network connection required when the Post SuisseID is initialized. | enabled |
| Post Certificate | Enables support for legacy product Post Certificate. NOTE: This can cause conflicts with smartcards from other vendors. | disabled |

Internet Access

Access to internet services is required by:

  • Post SuisseID Assistant to initialize or extend the Post SuisseID.
  • Applications that check the validity of the Post SuisseID.

Post SuisseID Assistant:

Access to the following URLs is required to initialize or extend the Post SuisseID:

  • https://swisssign.net/cgi-bin/api/certimp (SuisseID)
  • https://postzertifikat.ch/import/f_5543_import.php (required for legacy Post Certificate product)

The following network detection and proxy mechanisms are supported:

  • System settings: uses operating system settings (includes WPAD, PAC and manual proxy settings)
  • Basic Proxy Authentication
  • HTTP/SOCKS: override system configuration with manual settings

Validity check:

Most applications that use the Post SuisseID check the validity of the certificates using CRL or OCSP. The applications use URL information stored in the certificate to locate the required service. For Post SuisseID these are currently:

  • http://crl.swisssign.net
  • ldap://directory.swisssign.net
  • http://*.ocsp.swisssign.net, e.g. http://platinum-suisseid-g2.ocsp.swisssign.net
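
An added example, not part of the Post SuisseID software or of the original guide: a Python sketch that checks URLs (for instance taken from proxy logs or from the CRL/OCSP fields of a certificate) against the validation endpoints listed above, so that egress rules can be reviewed before rollout. The function names, the sample URLs and the reading of "*." as one or more leading host labels are assumptions.

```python
from urllib.parse import urlsplit

# Validation endpoints from the list above, as (scheme, host pattern).
ALLOWED = [
    ("http", "crl.swisssign.net"),
    ("ldap", "directory.swisssign.net"),
    ("http", "*.ocsp.swisssign.net"),
]

def host_matches(host, pattern):
    """Match a host against an exact name or a '*.suffix' wildcard."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".ocsp.swisssign.net", leading dot kept
        # Assumption: "*." means one or more labels in front of the suffix.
        # The suffix must be the END of the host name, so look-alikes such
        # as "ocsp.swisssign.net.example.invalid" do not match.
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern

def is_allowed(url):
    """True if scheme and host of the URL are covered by ALLOWED."""
    parts = urlsplit(url)
    # .hostname strips userinfo and port, so "allowed-host@other-host"
    # is judged by the host that would really be contacted.
    host = parts.hostname or ""
    return any(parts.scheme == scheme and host_matches(host, pattern)
               for scheme, pattern in ALLOWED)

def uncovered(urls):
    """Return the URLs that the endpoint list does not cover."""
    return [u for u in urls if not is_allowed(u)]

# Constructed sample input (paths and the last three hosts are made up).
SAMPLE = [
    "http://platinum-suisseid-g2.ocsp.swisssign.net",
    "http://crl.swisssign.net/example.crl",
    "ldap://directory.swisssign.net/cn=example",
    "http://ocsp.swisssign.net.example.invalid/",
    "http://xocsp.swisssign.net/",
    "http://crl.swisssign.net@proxy.example.invalid/",
]

if __name__ == "__main__":
    for url in uncovered(SAMPLE):
        print("not covered by the documented endpoints:", url)
```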

Further information and FAQ

FAQ Post SuisseID Installer

SuisseID is a registered trademark of SwissSign AG.