Secure Email S/MIME Certificate

Secure Email S/MIME Certificate

Protect enterprise communication from a variety of cyber threats and prevent data breaches.

S/MIME Certificates make it easy to digitally sign and encrypt your emails, ensuring the security, confidentiality, and integrity of your email communications.

Digital signatures identify and validate the sender, proving the origin of the email and ensuring that it has not been tampered with in delivery. This helps users identify and avoid email phishing scams.

End-to-end encryption protects the email contents to make it unreadable to anyone other than the intended recipient. S/MIME Certificate helps enhance privacy and data security. Stay compliant with laws and regulations around the world.

Comprehensive email protection for your business and customers. S/MIME Certificates give your employees the confidence to trust their communications and helps prevent the kinds of email-based attacks that can be so damaging to a business's brand and bottom line.


Client Premium S/MIME Certificate

The best S/MIME Certificate from DigiCert, the world's largest high-assurance certificate authority.

Email assinado digitalmente e criptografado com certificado S/MIME
Secure Email
Secure Email Signing & Encryption

Protect your employees, partners and customers against phishing attacks and data leakage, while also keeping hackers from reading your emails. DigiCert S/MIME Certificate will apply your own cryptographic signature to emails so recipients can quickly verify the email is coming from you (and not a cybercriminal). Plus, end-to-end encryption safeguards your email contents to protect personal data, passwords, trade secrets, and other confidential information sent via email.

Document Signing
Document Signing

An added benefit of the DigiCert Premium S/MIME Certificate is that it allows you to digitally sign Microsoft Office and Open Office documents. This means that anyone who is receiving the document will have proof that the document is coming from who it says it's coming from and they'll know there was not any tampering with the document while in transit.

Client Authentication

Another additional benefit this S/MIME Certificate provides is that it allows you to increase protection for your network, applications, and servers with certificate-based two-factor authentication.

DigiCert Premium S/MIME Certificate

price per certificate

per year

Organization Validation (OV)

Validates ownership of email address and identity of organization and individual.

Certificate Fields

email address

employee's name or department name

company name

company address (city, state and country)

How S/MIME Certificates Protect Your Emails




No way to prove sender is author

Email could be intercepted

Email could be received by unintended party

Plaintext email can be viewed by others




Proves authorship

Shows the email came from you

Prevents tampering

Ensures message privacy

Keeps sensitive info private

Benefits of DigiCert Premium S/MIME Certificates

Confirm Sender Identity

Confirm sender identity and email integrity

When you digitally sign your emails, the recipient will know for sure that the email is coming from a verified, trusted source and that the email has not been altered in transit.

Ensures confidentiality

Keep message content secure

Ensures confidentiality. S/MIME Certificate encrypts your email and attachments so that only the sender and intended recipient are able to read it.

Advanced Security

Avoid email-based attacks

Through encryption and the use of digital signatures, S/MIME Certificates help to protect users against phishing, spoofing and other forms of email fraud.

Maintain Compliance

Maintain Compliance

Encrypting your emails with S/MIME certificates is one important tactic needed to stay compliant. Multiple privacy laws and regulations require encryption to protect sensitive data, including GDPR, HIPAA, LGPD, DFARS and PCI-DSS.

Native compatibility

Native compatibility and easy to deploy

No additional software needed and is compatible with all major email clients, internet browsers and mobile devices. For most clients digitally signing and/or encrypting an email is as simple as clicking a button.

Protects your network and servers

Protects your network and servers

Certificate-based authentication is far more secure than password authentication, which is susceptible to attacks, phishing, brute force, and interception.

S/MIME Certificates Solution FAQs
What is required to order the DigiCert Premium S/MIME Certificate?
Up Up

Before you submit your S/MIME Certificate request, please ensure you have:

  • The domain of your email address registered to your organization
  • A business phone number that can be found through a third-party directory
  • Business headquarters and incorporation information
  • Billing, technical and corporate authority contact details

The S/MIME Certificate is issued per user (per e-mail address). For example: If you want to use the S/MIME Certificate for 5 users in your company, you need to order 5 S/MIME Certificates.

Note: Due to the validation requirements, there may be a delay between when you place your order and when you receive your certificate.

Upon completion of the organization validation process, we will send you an email with a link to generate the certificate directly in your browser (Chrome, Firefox, Edge, Opera or Safari). Once the certificate is generated, you can export it to a PFX file (PKCS12) in your browser.

How does DigiCert Premium S/MIME Certificate validation process work?
Up Up

For DigiCert Premium S/MIME Certificate orders, industry standards require DigiCert to validate the organization included in your certificate request before we can issue your certificate.

The validation process is required to:

  • Verify the legal existence of the organization and make sure it is in good standing
  • Verify the legal physical address for the organization
  • Prove your domain ownership
  • Confirm your authority to order a certificate for the organization

To verify your organization's existence and status, DigiCert checks corporate registries, such as local government registration records, Dun & Bradstreet, and Business Profile on Google. We also check for history with fraud or phishing, and also whether your organization is in government restricted entities or anti-terrorism databases.

Most of the organization verification work is done by DigiCert, we generally ask for very little help from you. However, a DigiCert validation agent may reach out to you for an acceptable document to help DigiCert confirm your organization is a legally and lawfully formed organization.

To prove your domain ownership, there are two options:

  • Email Verification: DigiCert sends an email with a verification link to five constructed email addresses for the domain: admin, administrator, webmaster, hostmaster, and postmaster @[domain_name].
  • DNS Verification: Add a DigiCert generated token to the domain's DNS as a TXT record.

To confirm your authority to order certificates for the organization, DigiCert must first find a verified, publicly listed organization phone number. Next, DigiCert uses the verified phone number to speak with someone who represents the organization, such as an organization or technical contact, to verify your authority to request a certificate for the organization. DigiCert can also speak to you, the certificate requestor, if another representative is unavailable.

How long does it take to issue my S/MIME Certificate?
Up Up

The deadline will depend on the completion of the validation process.

Typically it takes DigiCert 1-5 business days to issue the certificate.

Which mail systems / clients support S/MIME Certificates?
Up Up

S/MIME Certificates are natively compatible with all major email clients, internet browsers and mobile devices.

Email clients:

  • Microsoft Outlook
  • Apple Mail and MailMate
  • Samsung Mail
  • CipherMail para Android
  • eM Client
  • Mozilla Thunderbird
  • Gnome Evolution
  • SeaMonkey

Web clients:

  • Outlook Web App (Exchange Server 2013 or 2010)
  • Outlook on the Web or Exchange Online (Microsoft 365 or Exchange Server 2016)
  • Gmail (G Suite Enterprise or Education)
  • Zimbra Web Client
  • Zoho Mail (Mail Premium or Workplace Professional)

Operating system (OS):

  • Windows
  • Linux
  • MacOS
  • iOS
  • Android
What are the requirements for digitally signing and encrypting an email?
Up Up

First import and configure your S/MIME Certificate in your system or mail client.

To send a digitally signed email, the recipient does not need to have an S/MIME Certificate. Your digital signature will automatically be validated.

Email encryption is only possible if both sender and recipient have a valid S/MIME certificate and the public keys have been exchanged in advance. To exchange the public keys, simply exchange a digitally signed email with the recipient.

Do I need to create a backup of my S/MIME certificate?
Up Up

We always recommend that our customers perform a backup of their email Certificate in PKCS#12 format. If you have a backup in place, then you can recover the certificate from the backup. You will need to import the PKCS#12 file on to your system, so that you can recover the certificate.

Always keep all the S/MIME Certificates you used, even those that have expired, so you can read encrypted emails you sent and received with it.

How do I backup my S/MIME Certificate?
Up Up

After successfully collecting your S/MIME Certificate, it will then be available in a keystore used by the browser. Users can then export the certificate from the browser into a PKCS#12 (PFX/P12) format, which is going to contain the Certificate and its corresponding Private Key.

What should I do if I have lost my S/MIME Certificate?
Up Up

If you have a backup of the S/MIME Certificate in PKCS#12 format, you can recover it from the backup. If you don't have a backup of the certificate, you will not be able to read any old emails encrypted using the lost certificate.

If your S/MIME Certificate is within its validity period, you can request the reissue of the certificate free of charge, but you will not be able to read any old emails encrypted using the lost certificate.

Can I use my S/MIME Certificate on other computers and mobile devices?
Up Up

Yes, you can use your S/MIME Certificate on any compatible computer, smartphone or tablet. Just import the P12/PFX certificate file.

Can I recover or reset the password given to a P12/PFX file?
Up Up

It is impossible to reset or recover a lost password of a PFX file. Passwords for PFX/P12 files were assigned by the user at the time of exporting it from the browser. However, if you have the access to the original system and browser used to collect the certificate, you can re-export the S/MIME Certificate into a PKCS#12 format, so that you will get a new PFX file.