SuisseID Digital passport and signature

Steps to your SuisseID

About SuisseID

What can I do with a SuisseID?

SuisseID is the Swiss standard for digital identity. With it, people identify themselves definitively online and sign legally valid contracts electronically. It is therefore a digital passport and signature. More details

I do not come from Switzerland. Can I although have a SuisseID?

Yes – for your order you need only a valid passport (subject to changes). Documents such as a residence permit for foreign nationals or a driving licence are not permitted. In addition to a valid passport, we also accept identity cards for some countries. Please check the permitted identification documents and identity checkpoints.

Is a signature with SuisseID legally valid?

Yes. Signatures with SuisseID are legally valid according to Art. 14 Para. 2bis of the Swiss Code of Obligations.

Can I also make legally valid signatures with my SuisseID in Liechtenstein?

Yes. According to Art. 24 of the law on electronic signatures Liechtenstein considers qualified certificates of providers from contracting states of the EEA Agreement or Switzerland as equivalent to Liechtenstein certificates. SuisseID is based on certificates which were issued by SwissSign Ltd with headquarters in Glattbrugg. An electronic signature with SuisseID is therefore also legally valid in Liechtenstein.

Can I sign from afar without any connected SuisseID?

Yes – with the Multi Signing Service you sign PDF documents easily online and invite other recipients to add a signature. You can test the Multi Signing Service as a beta version for free here. Therefore the SuisseID Mobile Service has to be activated.

Can SuisseID sign VAT-compliant documents?

Yes – qualified certificates fulfil the requirements of the Ordinance of the Swiss Federal Department of Finance on Electronic Data and Information (OElDI) and theCompany Accounts Decree GeBüV. Individual invoices can therefore also be signed in a VAT-compliant manner. However, for the automated use of VAT-compliant documents we recommend the Organisation certificate of SwissSign.

Does the timestamp affect the legal validity of an electronic signature?

Yes – the time stamp will become obligatory where a qualified electronic signature is equivalent to a handwritten signature to comply with the written form. This applies for all signatures since 1st january 2017. More information can be found in the Swiss Federal Act on Electronic Signatures (ZertES).

Is SuisseID also available to download as a software certificate?

No – the Swiss Federal Act on Electronic Signatures (ZertES) stipulates that qualified certificates have to be delivered on a USB stick or a smart card.

Can SuisseID be used as a server version by all of my employees?

No – a SuisseID is personal and can be used by only one user.

Can I encrypt with SuisseID?

No, the SuisseID does not contain an encryption certificate. For encrypted and secure e-mail communication Swiss Post recommends the use of IncaMail.

How does SuisseID differ from SwissID?

SwissID is a new service from SwissSign, the joint venture of Swiss Post and SBB. SwissID is not replacing SuisseID, which was launched in 2010, this will continue to exist as a product. Nothing is changing for SuisseID users, they can continue to use their SuisseID to the full extent. When developing SwissID, however, the experiences gained with SuisseID have been used. The new service will be gradually set up – in the medium term SuisseID will be merged into SwissID.

You will find further information under www.swissid.ch

Order/Installation

The payment was interrupted when ordering using a credit card or PostFinance Card. What can I do?

The order was not successful. Your card has not been charged. Please try again.

I’ve bought a SuisseID. Are there any additional costs involved after purchasing the SuisseID, do I need something else to get the SuisseID? Will I need to pay further fees?

No. A voucher for a Yellow Identification is now included in the purchase price of a SuisseID. Present the voucher at when you visit an identity checkpoint and the identification will be performed free of charge.

I sent my application a few days ago and have not received anything yet. Is that normal?

Your application for a SuisseID is carefully checked so this takes at least 48 hours – and with great demand up to five working days. If this period has already elapsed, please contact our customer service department. Please note that you will receive two letters: the first contains your SuisseID, the second your TIN/PUK sheet (generally one day later).

My idendity card/my passport recently expired. Can I still order SuisseID?

No, please obtain a valid identity document first.

Can I continue to use the initialisation password (TIN) unchanged?

No, the Swiss Federal Act on Electronic Signatures (ZertES) stipulates that you must choose your own password (PIN) which is different from the initialisation password (TIN). After the change, the initialisation password (TIN) cannot and must not be used ever again.

What do I need the PUK and the TIN for?

You need the TIN to initialize your SuisseID. With the help of the PUK you can block/revoke your SuisseID in the event of loss or theft in order to prevent misuse. With the PUK you can also unblock a blocked authentication certificate. Therefore please keep the TIN/PUK sheet in a safe place.

An error occurred during initial operation. What should I do?

If the initialization is interrupted when loading, you will receive a new verification e-mail. Click on the link contained in the e-mail and confirm the information which is displayed. Restart the SuisseID Assistant and repeat the initialization, and here only the previously set password (PIN) must be entered now. Then click on «Execute».

Do I need to have administrator rights on my computer to install the SuisseID Assistant?

Administrator rights are required for the SuisseID Assistant.

I have problems installing the SuisseID Assistant. What can I do?

Uninstall the SuisseID Assistant and restart the computer. Install the SuisseID Assistant again. If the problem persists, please contact our customer service department.

Operation

My name is changing. What do I need to do?

According to the Swiss Federal Act on Electronic Signatures (ZertES), with name changes you are obliged to block/revoke your SuisseID because the certificate content is no longer correct. It is necessary to purchase a new SuisseID for a certificate request with your new name. A new proof of identity on the basis of a new identity card is also obligatory.

I am moving. What happens with my SuisseID?

SuisseID contains no address information. It is therefore still entirely valid.

I am changing my e-mail address. What can I do?

If you are no longer in possession of the e-mail address indicated in SuisseID, you are obliged to block/revoke your SuisseID according to the Swiss Federal Act on Electronic Signatures (ZertES). Please purchase a new SuisseID with the new e-mail address.

I have forgotten my password (PIN). What can I do?

The Swiss Federal Act on Electronic Signatures (ZertES) does not allow the password (PIN) to be reset for a qualified signature certificate. But the SuisseIDs are equipped with a PUK which enables the authentication certificate to be reset.

Can I change the password (PIN) I selected?

Yes – to do this, open the SuisseID Assistant and in the menu «Actions» select the function «Change PIN / password».

Can several computers use the same SuisseID?

Yes – but you cannot work on several computers with the same SuisseID at the same time.

With which operating systems and browsers is SuisseID compatible?

You will find an overview under System Requirements. All known and common browsers are supported.

I cannot log in via Safari, I also no longer have the option of choosing the authentication certificate.

This is a characteristic of Safari. In the first connection attempt with your SuisseID, Safari offers you a choice of certificates which are on your SuisseID. If the user does not choose the authentication certificate, the connection fails.Unfortunately this choice is also stored in Safari for future connections. There is also the issue that the wrong certificate is chosen by default, i.e. when the user simply clicks on OK.

  • To solve this problem, the stored selection must be deleted from Safari. Here the concerned «certificate preference» stored in the «Keychain Access» has to be deleted:
  • Open «Keychain Access»
  • Delete the preference which contains the link idp.suisseid-idp.ch
  • Reconnect and select the authentication certificate.

This procedure is described in detail on the Apple Website.

Why is the signature declared invalid in Adobe?

The problem is because in Adobe versions 9, 10 and 11 the validity of the signature is not necessarily verified automatically. Adobe also has to be able to access the Windows Certificate Store. To ensure this is possible, configure Adobe as follows:

Adobe versions 9 and 10: Go to «Edit/Preferences/Security/Advanced Preferences». Select the tab «Windows Integration». The configuration has to be selected as described below. Also check that under «Edit/Preferences/Security» the box «Verify signatures when the document is opened» is selected.

Adobe 9 10 Sign EN

Adobe version 11: In this version the setting for signatures is listed separately and not under «Security». This is how you configure version 11 correctly:

Adobe 11 Sign EN

What is the difference between certifying and signing in Adobe?

The purpose is different when it is a matter of certifying or providing a qualified signature: If you certify a PDF document in Adobe, this means that you agree to the contents of this document. At the same time, you allow the document to be amended within a certain scope. If other changes are applied which you have not authorised, the document loses the certification. This means, for example, that you can create forms and limit the entries in these forms. A PDF with a qualified signature can no longer be changed after the signature. The qualified signature guarantees that a document has not been changed after the signature.

How can I sign in Adobe DC?

Following the most recent update of Adobe DC (15.016.20039), the signature with SuisseID is no longer possible. This is due to the fact that the configurations of your Adobe DC application before the automatic update were not stored by the Adobe DC update.

Here are the elements which need to be reconfigured to correct this problem:

1) Disable «Enhanced Security» mode by deselecting the box «Enable Protected Mode» at startup, close and restart the application

adc mode protege

2) Load the «crypto-module» dedicated to SuisseID: menu Preferences/Signatures/Digital IDs/Modules and Tokens, then attach a module. The file to be selected is «cvP11.dll» under «c:/windows/system32/»

adc cryptomodule

3) Configure the time stamp under Preferences/Signatures/Document Timestamping/+, then enter the URL http://tsa.swisssign.net

adc tsa

My SuisseID is no longer detected, is it defective?

Please check the following points:

  • Is the SuisseID Assistant installed and SuisseID initialised according to the instructions?
  • Is SuisseID in the form of a SIM card properly inserted in the carrier (USB stick or chip card)?
  • Is the USB stick plugged into a working USB slot on your computer? Try another USB slot if necessary.
  • Close the browser and remove SuisseID. Insert it again and restart the browser. Does a pop-up window appear explaining that SuisseID has been inserted?
  • Start the SuisseID Assistant: Is your data correctly displayed?
  • Check the data of your SuisseID. Is it correct?

If the problem persists, please contact our customer service department.

My Firefox Thunderbird does not recognise SuisseID. What should I do?

This can happen if Firefox Thunderbird was not installed until after the SuisseID Assistant. Uninstall the SuisseID Assistant and reinstall it. The SuisseID Assistant will carry out the corresponding configuration only if Firefox Thunderbird is already installed.

Windows 7 no longer recognises SuisseID since an update. Is the driver for the chip card reader wrong or not correctly installed?

This can happen if Firefox Thunderbird was not installed until after the SuisseID Assistant. Uninstall the SuisseID Assistant and reinstall it. The SuisseID Assistant will carry out the corresponding configuration only if Firefox Thunderbird is already installed.

In some cases it can occur that the driver used for the chip card of Windows is not correct or a wrong version was installed. Carry out the following steps to rectify the problem:

Start the Device Manager via the menu «Computer/Control Panel/System» and «Security/System». Look for the device «Smart Card Reader» and click on it once to display the menu underneath it. Then with the right mouse button click on this submenu. Select «Properties» and then the tab «Driver». Follow the next steps depending on success, from automatic installation up to manual installation.

1. Automatic installation: Click on the button «Update driver». Windows searches for the suitable driver and installs the latest version automatically. This can take several minutes. We recommend not aborting the process. As soon as the installation is complete, remove SuisseID from the computer and reinsert it. Open the SuisseID Assistant. Your SuisseID should now be detected. If this is not the case, go to step 2.

2. Install previous version: Click on the button «Roll Back Driver» if this is available (otherwise go directly to step 3).The previous driver is installed. As soon as the installation is complete, remove SuisseID from the computer and reinsert it. Open the SuisseID Assistant. Your SuisseID should now be detected. If this is not the case, repeat this step. You can repeat this step until the button «Roll Back Driver» is no longer available.

3. Manual installation: Click on «Uninstall». Select the checkbox «Delete driver software» and then «OK». Now download the suitable driver directly from the manufacturer. Under «Downloads» you will find the software which you can now save on your computer. Install this driver by starting the program «Setup.exe». As soon as the installation is complete, remove SuisseID from the computer and reinsert it. Open the SuisseID Assistant. Your SuisseID should now be detected.

Where can I find my saved passwords in Firefox, Chrome and Safari?

Firefox: Click “Firefox” in the top left corner and open the «Options». In the Options window select the «Security» button. Under «Saved Passwords» you can go to all login data stored in Firefox. Now just click «Show Passwords» to see the full saved logins.

Google Chrome: Open Chrome on your computer and, in the top right, click the icon «More» – «Settings» – «Show advanced settings». Under «Passwords and forms» click «Manage passwords». A dialogue box will appear with a list of saved passwords. In the “Saved passwords” section, select the website and click «Show». Windows and Mac: If you lock your computer with a password, you will be prompted to enter your computer password. The website password will appear.

Safari: Start Safari and open the Preferences by clicking the menu item «Safari» in the top left of the screen and then selecting «Preferences». Click the «Passwords» tab at the top. At the bottom you will now find the option «Show passwords». Select this to show the passwords. If you do not want to show all passwords at once, you can copy certain passwords by right-clicking.

Block/Unblock/Extend

I have lost my SuisseID or it was stolen. What should I do?

We recommend that you immediately block/revoke your SuisseID.

My SuisseID is blocked. What can I do?

Secure login: If the password (PIN) is entered incorrectly three times, SuisseID is blocked for security reasons. You can unlock your authentication certificate.

Signature: If the password (PIN) is entered incorrectly three times, SuisseID is blocked permanently for the signing function for legal reasons. If you still want to sign, you have to purchase a new SuisseID.

I have changed job. May I continue to use my SuisseID Business?

Misleading use of a qualified signature certificate is a punishable offence. Incorrectly indicating organisation affiliation in signatures may be construed as misleading. Your SuisseID is personal and you could continue to use it for private purposes with restrictions. For your own protection we recommend that you immediately block/revoke it however. The organisation entered in the certificate also has the right without your consent to block/revoke your SuisseID at any time. We recommend that companies and organisations immediately block/revoke SuisseIDs of former employees or members.

Why can I not unblock the qualified signature certificate?

The Swiss Federal Act on Electronic Signatures (ZertES) does not allow the password (PIN) to be reset for a qualified signature certificate. But the SuisseIDs are equipped with a PUK which enables the authentication certificate to be reset.

My SuisseID will expire. What can I do?

You will be informed by e-mail 30 and 10 days before your SuisseID expires that you can extend the period of validity for 3 years. To initiate the extension, log in with your connected SuisseID and follow the instructions. If your SuisseID has already expired, you can no longer extend it and have to purchase a new SuisseID.

My SuisseID has expired. What do I need to do?

If your SuisseID has already expired, by rights you can unfortunately no longer extend this. However, you can purchase a new SuisseID at any time.

SuisseID Mobile Service

What is the SuisseID Mobile Service?

The SuisseID Mobile Service expands the possible uses of SuisseID. This means you can also carry out the secure login via mobile devices such as smart phones and tablets. Or you log in from your normal computer without the USB stick/the chip card having to be connected to the device.

Can I sign with the SuisseID Mobile Service?

No, the SuisseID Mobile Service is basically for securely logging in. But it can access online services which have integrated the SuisseID Signing Service and also sign.

For how long is the SuisseID Mobile Service valid?

The SuisseID Mobile Service is valid for the same period as your existing SuisseID. When your SuisseID is blocked/revoked, you also cancel the SuisseID Mobile Service at the same time.

Is the SuisseID Mobile Service available only for Swiss mobile numbers? Does it also work with prepaid mobile numbers?

The SuisseID Mobile Service ist available for several European countries: Switzerland, Germany, France, Belgium, Liechtenstein, Denmark, Finland, Luxembourg, Italy, Austria – including prepaid mobile numbers.

What does the SuisseID Mobile Service cost?

The SuisseID Mobile Service is included in the price of a SuisseID. 

Can I use the same password as the one for my SuisseID?

We recommend using different passwords.

I want to log in on my computer with a connected SuisseID but the login screen for the SuisseID Mobile Service appears. Why?

The online service cannot establish a connection to your SuisseID and therefore tries to carry out the login as an alternative via the SuisseID Mobile Service. To log in with SuisseID, please make sure that

  • the USB stick/the chip card is properly connected to the computer
  • the USB slot in which the USB stick is connected is working
  • the SuisseID in the form of a SIM card is properly inserted in the USB stick/in the chip card

Close all windows of your browser and try again.

I cannot access the SuisseID Mobile Service from my iPhone/iPad. Why is this?

Make sure you have enabled cookies in Safari. You need to proceed as follows here:

  • Open the settings and scroll down a little to the item «Safari».
  • Select «Accept Cookies».
  • Then choose either «Only from sites I visit» or «Always».

It is recommended to accept cookies only for sites you visit.

My SuisseID Mobile Service is blocked. What can I do?

You can log in with your SuisseID via the management portal and reactivate the service.

Security

What do I need to take into consideration in terms of security?

The secure SuisseID is used in an overall system of person, computer and internet, total control of which is outside the possibilities of a SuisseID. But as a user you can decisively influence the security of this overall system:

  • Person: The Swiss Signature Act demands that you always keep the SuisseID and the password (PIN) stored separately. The SuisseID or the password must never be handed over to third parties. Do not choose a password which is easy to guess. If you suspect abuse, change the password immediately and/or block your SuisseID. In the event of loss of the SuisseID it must be blocked immediately, like a bank or credit card.
  • Computer: Protect your computer with an antivirus program and keep your operating system up to date. You will find further information about this at the Reporting and Analysis Centre for Information Security of Confederation MELANI.
  • Internet: Visit only websites which you trust. When logging in check for the green display of the link in the browser. Observe the Rules of Conduct of the Confederation regarding careful action when surfing the internet.

If you abide by the rules of conduct and observe the protective measures you will have maximum security when using secure online transactions or communication. This applies for e-banking as much as for the use of the SuisseID.

I suspect that someone is misusing my SuisseID, what should I do?

Misuse is possible only when third parties are in possession of your SuisseID and your password (PIN).If you are no longer in possession of the SuisseID, the certificates must be immediately blocked/revoked. If you are still in possession of your SuisseID, however, you can change the password (PIN). To do this, open the SuisseID Assistant and in the menu «Actions» select the function «Change PIN / password».

Are there backup copies?

For the key pairs generated in SuisseID there are no backup copies and none can be created either because SuisseID does not support this function for security reasons and because of legal requirements.

How is SuisseID encrypted?

SHA-1 and SHA-2 are encryption algorithms used for the SuisseID login and digital signature. For the digital signature SuisseID uses the new standard SHA-2 and, since December 2016, all new SuisseIDs have also used the SHA-2 algorithm for login. This means SuisseID uses the latest technology for all encryption applications.

SuisseID is a registered trademark of SwissSign AG.