New P12 generation algorithm on Pre-Prod from 23.06.2025 and from 07.07.2025 on Prod on

A new algorithm for creating "PKCS#12" files has been implemented. It will be available in our pre-production environment from 23.06.2025 to be tested. It will go live on production on 07.07.2025.

Please note:

• This change only applies to S/MIME (secure email) certificates retrieved over the Web frontend together with CA generated private keys, i.e. option "PKCS12 (with CA PIN)".

• The user flow in the WebGUI is not affected by the change, only the algorithm for creation of the files ("PKCS#12") has been improved.

Why we have updated the algorithm:

These PKCS#12 files are containers for CA generated private keys and S/MIME certificates.

The method used so far to create these containers has led to un-helpful warning messages for some of our customers when importing the PKCS#12 files file into their application. Thus, we have implemented an update to avoid these messages. In addition, we have also implemented an option that is backward compatible and widely supported by different client applications and operating systems while fulfilling the security requirements. Specifically, we have implemented "PBE1 Triple DES" as encryption method for these files.

What changes for you?

You should not experience any difference in your workflow except for the omission of the warning messages in some applications as mentioned above.

For any questions please don't hesitate to ask, we appreciate your feedback.

Best Regards

Your SwissSign Team