only

/year

Secure Email S/MIME Certificate

Protect enterprise communication from a variety of cyber threats and prevent data breaches.

The DigiCert S/MIME Certificate enables the digital signature and encryption of your emails, ensuring the security, confidentiality and integrity of your email communications.

Digital signatures identify and validate the sender, proving the origin of the email and ensuring that it has not been tampered on delivery. This helps users identify and avoid phishing scams.

End-to-end encryption protects the content of the email by making it unreadable to anyone other than the intended recipient. The S/MIME certificate enhances privacy and data security. Stay compliant with laws and regulations around the world.

Comprehensive email protection for your company and your customers. S/MIME certificates give your employees confidence in their communications and help prevent the kinds of email-based attacks that can cause damage to your business.

Client Premium S/MIME Certificate

The best S/MIME Certificate from DigiCert, the world's largest high-assurance certificate authority.

Digitally signed and encrypted email with S/MIME certificate

Secure Email Signing & Encryption

Protect your employees, partners and customers from phishing attacks and data leaks, and prevent hackers from reading your email. The DigiCert S/MIME certificate will apply its own cryptographic signature to all your emails so recipients can quickly verify that the email is from you (and not a cybercriminal). In addition, end-to-end encryption protects the content of your emails to protect personal data, passwords, business secrets, and other sensitive information sent via email.

Document Signing

An additional benefit of the DigiCert Premium S/MIME certificate is that it allows you to digitally sign Microsoft Office and Open Office documents. This means that anyone who is receiving the document will have proof that the document comes from who they say it comes from, and will know that there has been no tampering with the document during transit.

Client Authentication

Another additional benefit provided by the S/MIME certificate is that it allows you to increase the protection of your network, applications, and servers with certificate-based two-factor authentication.

DigiCert Premium S/MIME Certificate

price per certificate

/year

Organization Validation (Class 2)

Validates ownership of email address and identity of organization and individual.

Certificate Fields

email address

employee's name or department name

company name

company address (city, state and country)

BUY S/MIME CERTIFICATE

All prices do not include VAT

How S/MIME Certificates Protect Your Emails

UNSIGNED AND UNSECURED EMAIL

VULNERABILITY

No way to prove sender is author

Email could be intercepted

Email could be received by unintended party

Plaintext email can be viewed by others

SIGNED AND ENCRYPTED EMAIL

SECURE AND VALIDATED

Proves authorship

Shows the email came from you

Prevents tampering

Ensures message privacy

Keeps sensitive info private

Benefits of DigiCert Premium S/MIME Certificates

Confirm sender identity and email integrity

When you digitally sign your e-mails, the recipient has the assurance that the email comes from a verified and trusted source and that it has not been altered in transit.

Keep message content secure

Guarantees confidentiality. The S/MIME certificate encrypts the e-mail and attachments, so only the sender and recipient can read them.

Avoid email-based attacks

By encrypting and using digital signatures, S/MIME certificates help protect users from phishing, spoofing, and other types of email fraud.

Maintain Compliance

Encrypting your email with S/MIME certificates is a necessary approach to maintaining compliance. Several privacy laws and regulations require encryption to protect sensitive data, including GDPR, HIPAA, LGPD, DFARS, and PCI-DSS.

Native compatibility and easy to deploy

No additional software is required. S/MIME certificates are compatible with all major email clients, Internet browsers and mobile devices. For most clients, digitally signing and/or encrypting an email is as easy as clicking a button.

Protects your network and servers

Certificate-based authentication is far more secure than password authentication, which is susceptible to attacks, phishing, brute force, and interception.

S/MIME Certificates Solution FAQs

What is required to order the DigiCert Premium S/MIME Certificate?

Before you submit your S/MIME Certificate request, please ensure you have:

The domain of your email address registered to your organization
A business phone number that can be found through a third-party directory
Business headquarters and incorporation information
Billing, technical and corporate authority contact details

The S/MIME Certificate is issued per user (per e-mail address). For example: If you want to use the S/MIME Certificate for 5 users in your company, you need to order 5 S/MIME Certificates.

Note: Due to the validation requirements, there may be a delay between when you place your order and when you receive your certificate.

Upon completion of the organization validation process, we will send you an email with a link to generate the certificate directly in your browser (Chrome, Firefox, Edge, Opera or Safari). Once the certificate is generated, you can export it to a PFX file (PKCS12) in your browser.

How does DigiCert Premium S/MIME Certificate validation process work?

For DigiCert Premium S/MIME Certificate orders, industry standards require DigiCert to validate the organization included in your certificate request before we can issue your certificate.

The validation process is required to:

Verify the legal existence of the organization and make sure it is in good standing
Verify the legal physical address for the organization
Confirm your authority to order a certificate for the organization

To verify your organization's existence and status, DigiCert checks corporate registries, such as local government registration records, Dun & Bradstreet, and Business Profile on Google. We also check for history with fraud or phishing, and also whether your organization is in government restricted entities or anti-terrorism databases.

Most of the organization verification work is done by DigiCert, we generally ask for very little help from you. However, a DigiCert validation agent may reach out to you for an acceptable document to help DigiCert confirm your organization is a legally and lawfully formed organization.

To prove your domain ownership, there are two options:

Email Verification: DigiCert sends an email with a verification link to five constructed email addresses for the domain: admin, administrator, webmaster, hostmaster, and postmaster @[domain_name].
DNS Verification: Add a DigiCert generated token to the domain's DNS as a TXT record.

To confirm your authority to order certificates for the organization, DigiCert must first find a verified, publicly listed organization phone number. Next, DigiCert uses the verified phone number to speak with someone who represents the organization, such as an organization or technical contact, to verify your authority to request a certificate for the organization. DigiCert can also speak to you, the certificate requestor, if another representative is unavailable.

How long does it take to issue my S/MIME Certificate?

The deadline will depend on the completion of the validation process.

Typically it takes DigiCert 1-5 business days to issue the certificate.

Which mail systems / clients support S/MIME Certificates?

S/MIME Certificates are natively compatible with all major email clients, internet browsers and mobile devices.

Email clients:

Microsoft Outlook
Apple Mail and MailMate
Samsung Mail
CipherMail para Android
eM Client
Mozilla Thunderbird
Gnome Evolution
SeaMonkey

Web clients:

Outlook Web App (Exchange Server 2013 or 2010)
Outlook on the Web or Exchange Online (Microsoft 365 or Exchange Server 2016)
Gmail (G Suite Enterprise or Education)
Zimbra Web Client
Zoho Mail (Mail Premium or Workplace Professional)

Operating system (OS):

Windows
Linux
MacOS
iOS
Android

What are the requirements for digitally signing and encrypting an email?

First import and configure your S/MIME Certificate in your system or mail client.

To send a digitally signed email, the recipient does not need to have an S/MIME Certificate. Your digital signature will automatically be validated.

Email encryption is only possible if both sender and recipient have a valid S/MIME certificate and the public keys have been exchanged in advance. To exchange the public keys, simply exchange a digitally signed email with the recipient.

Do I need to create a backup of my S/MIME certificate?

We always recommend that our customers perform a backup of their email Certificate in PKCS#12 format. If you have a backup in place, then you can recover the certificate from the backup. You will need to import the PKCS#12 file on to your system, so that you can recover the certificate.

Always keep all the S/MIME Certificates you used, even those that have expired, so you can read encrypted emails you sent and received with it.

How do I backup my S/MIME Certificate?

After successfully collecting your S/MIME Certificate, it will then be available in a keystore used by the browser. Users can then export the certificate from the browser into a PKCS#12 (PFX/P12) format, which is going to contain the Certificate and its corresponding Private Key.

What should I do if I have lost my S/MIME Certificate?

If you have a backup of the S/MIME Certificate in PKCS#12 format, you can recover it from the backup. If you don't have a backup of the certificate, you will not be able to read any old emails encrypted using the lost certificate.

If your S/MIME Certificate is within its validity period, you can request the reissue of the certificate free of charge, but you will not be able to read any old emails encrypted using the lost certificate.

Can I use my S/MIME Certificate on other computers and mobile devices?

Yes, you can use your S/MIME Certificate on any compatible computer, smartphone or tablet. Just import the P12/PFX certificate file.

Can I recover or reset the password given to a P12/PFX file?

It is impossible to reset or recover a lost password of a PFX file. Passwords for PFX/P12 files were assigned by the user at the time of exporting it from the browser. However, if you have the access to the original system and browser used to collect the certificate, you can re-export the S/MIME Certificate into a PKCS#12 format, so that you will get a new PFX file.