Key Management

The current DNSSEC keys for the top level domains .ch and .li are published here for name server operators.

NB: The keys for the top level domains .ch and .li should not be directly configured as trust anchors in your name servers. Instead, you should make sole use of the root-zone keys. Our keys are only set out here for checking purposes.

Current DNSSEC keys

CH: Key 46375, intended validity until 7 January 2016
DS 46375 8 1 E643FA55E65AEE8C922C9D0F7B4D640982217E32
DS 46375 8 2 8F96646FC68BB7E4AF4C0750A6096FBC0D4ECDA3D3FA6DA06FDDB42EE50C6CF3

LI: Key 25759, intended validity until 7 January 2016
DS 25759 8 1 8E213D45B98589BF7932320082902F7A3631F733
DS 25759 8 2 2272C70685FF8B6B37BAF944A7B76154982F21BE1D1BA737F25FA074EA6FDFB6

Key Management Practice Statement

The "Key Management Practice Statement" document describes how SWITCH handles the cryptographic key material associated with DNSSEC. It explains how the keys are generated and saved and when they lose their validity.

Key Management Practice StatementPDF