Solution update 06.05.2026
This is a addition to the solution update published on 23.04.2024 and was just communicated by the SEPPmail support today:
If certificates should be re-issued after they where revoked by Swisssign a manual check of the revocation status has to be done. See: https://docs.seppmail.com/en/07_mi_15_usr_04_advanced-settings.html#as_revocation
Clicking on the Check OCSP/CRL status now button immediately causes certificates of the Users listed in SEPPmail Secure E-Mail Gateway to be checked via OCSP (Online Certificate Status Protocol) and/or CRL (Certificate Revocation List).
Solution update 23.04.2026
Based on the instructions provided by SEPPmail, if executed the day before the SwissSign revocation process on Wednesday 22.04.2026 at 15:00 GMT+2, the SEPPmail appliance should have renewed all affected certificates upfront and hence the revocation of the invalid certificates has no impact.
Should you have missed this change, then please follow the second workaround instructions provided in the SEPPmail article to recover active user accounts on your SEPPmail which have no valid certificate available anymore.
Find the required steps shown in the instruction here:
Under MPKI Settings, enable the following:
- “Automatically create certificates for active users without certificates”
This will ensure that the Automatic Renewal Job, that takes place nightly, will be able to also reissue the revoked SwissSign certificates. This is only necessary, if these changes were not implemented before Tuesday, 21.04.2026 at 9:00 p.m.
Please note that this change should be undone (deselected) again after the nightly process of the “auto renewal” process.
Also don’t forget to change back possible changes to the renewal period of your certificates! Default auto-renewal is typically set to 30days.
Solution update 20.04.2026, 17:30
SEPPmail has released another statement on their Statuspal website with recommendations to adjust some settings in the MPKI tab of your SEPPmail.
Please check out the article here: CORRECTION: SwissSign – renewal of S/MIME Silver certificates (On Prem)
Originally published information:
SwissSign and SEPPmail have just informed its customers regarding a formal error which affects all S/MIME email certificates that have been issued between July 15, 2025 and April 17, 2026.
Link to the article: Swisssign – renewal of S/MIME Silver certificates
We’re still in contact with SEPPmail for the verification of further steps to remediate this issue and find a way how replacement certificates can be inquired automatically for affected SEPPmail user accounts.
We’ll publish updated informations as soon as we’ll have them. In the meantime please check the status on the SEPPmail Statuspal website or don’t hesitate to raise a support case with us or the vendor to be informed as soon as there’s solution available.
