from

/year

S/MIME Certificate - Secure Email Encryption

Enhance your email security, protect against cyber threats, and prevent data breaches with S/MIME Certificates.

DigiCert S/MIME Certificates provide end-to-end encryption for your emails, ensuring the confidentiality and integrity of your communications. These certificates digitally sign and encrypt your messages, confirming your true identity as a verified sender and safeguarding the content from unauthorized access.

Key Benefits:

Digital Signatures: Identify and validate the sender, proving the origin of the email and ensuring it hasn't been tampered with during transmission. This helps recipients identify and avoid phishing scams.
End-to-End Encryption: Protect the content of your emails by making them unreadable to anyone other than the intended recipient. This enhances privacy and data security, keeping sensitive information confidential.
Regulatory Compliance: Stay compliant with various laws and regulations worldwide, including those in healthcare, insurance, retail, and the defense industrial base.
Phishing Prevention: Defend against email spoofing and man-in-the-middle attacks, reducing the risk of fraud and protecting your organization's reputation.

S/MIME certificates offer comprehensive email protection for you, your business, and your customers. By implementing this solution, you can have confidence in your communications and help prevent email-based attacks that could potentially damage your business.

Compare S/MIME Email Certificates

The best S/MIME Certificates from DigiCert, the world's largest high-assurance certificate authority.

	Secure Email for Individual	Secure Email for Business
Price per email address	Secure Email for Individual /year	Secure Email for Business /year
S/MIME Certificate Type	Secure Email for Individual Class 1	Secure Email for Business Class 2 (Client Premium)
Validation type	Secure Email for Individual DV (Email Verification)	Secure Email for Business OV (Organization Verification)
Issuance Time	Secure Email for Individual Auto-validation, issuance in minutes	Secure Email for Business 2-3 Days
Verifies owner's email	Secure Email for Individual	Secure Email for Business
Verifies the sender's name and your company name (Provides an additional level of security for email recipients)	Secure Email for Individual	Secure Email for Business
Email Signing	Secure Email for Individual	Secure Email for Business
Encrypt and Decrypt the Sent & Received emails	Secure Email for Individual	Secure Email for Business
Auto Encryption of Email Reply	Secure Email for Individual	Secure Email for Business
Sign MS Office and Open Office documents with digital signatures	Secure Email for Individual	Secure Email for Business
Two-Factor Authentication	Secure Email for Individual	Secure Email for Business
FDA ESG Compliant	Secure Email for Individual	Secure Email for Business
	BUY S/MIME INDIVIDUAL	BUY S/MIME BUSINESS

All prices do not include VAT

Digitally signed and encrypted email with S/MIME certificate

Robust Protection Against Cyber Threats

Shield your employees, partners, and customers from phishing attacks and data breaches while preventing unauthorized access to your emails. The DigiCert S/MIME certificate employs advanced cryptographic signatures for all your outgoing messages, enabling recipients to swiftly verify the authenticity of your communications. This powerful tool effectively distinguishes legitimate emails from those sent by cybercriminals.

Document Signing

An additional benefit of the DigiCert Premium S/MIME certificate is that it allows you to digitally sign Microsoft Office and Open Office documents. This means that anyone who is receiving the document will have proof that the document comes from who they say it comes from, and will know that there has been no tampering with the document during transit.

Two-Factor Authentication

Another additional benefit provided by the S/MIME certificate is that it allows you to increase the protection of your network, applications, and servers with certificate-based two-factor authentication.

FDA ESG Compliant

To do business with the FDA (Food and Drug Administration), it is mandatory to encrypt your emails. ESG (Electronic Submission Gateways) verifies the identity of the sender before sending your email to the FDA office.

How S/MIME Certificates Protect Your Emails

UNSIGNED AND UNSECURED EMAIL

VULNERABILITY

No way to prove sender is author

Email could be intercepted

Email could be received by unintended party

Plaintext email can be viewed by others

SIGNED AND ENCRYPTED EMAIL

SECURE AND VALIDATED

Proves authorship

Shows the email came from you

Prevents tampering

Ensures message privacy

Keeps sensitive info private

Benefits of DigiCert Secure Email For Business Certificate

Confirm sender identity and email integrity

When you digitally sign your e-mails, the recipient has the assurance that the email comes from a verified and trusted source and that it has not been altered in transit.

Keep message content secure

Guarantees confidentiality. The S/MIME certificate encrypts the e-mail and attachments, so only the sender and recipient can read them.

Avoid email-based attacks

By encrypting and using digital signatures, S/MIME certificates help protect users from phishing, spoofing, and other types of email fraud.

Maintain Compliance

Encrypting your email with S/MIME certificates is a necessary approach to maintaining compliance. Several privacy laws and regulations require encryption to protect sensitive data, including GDPR, HIPAA, LGPD, DFARS, and PCI-DSS.

Native compatibility and easy to deploy

No additional software is required. S/MIME certificates are compatible with all major email clients, Internet browsers and mobile devices. For most clients, digitally signing and/or encrypting an email is as easy as clicking a button.

Protects your network and servers

Certificate-based authentication is far more secure than password authentication, which is susceptible to attacks, phishing, brute force, and interception.

S/MIME Certificates Solution FAQs

What is required to order the DigiCert S/MIME Certificate?

The S/MIME Certificate is issued per user (per email address). For example: If you want to use the S/MIME Certificate for 5 users in your company, you need to order 5 S/MIME Certificates.

All you need to apply for the Secure Email for Individual certificate is a valid email account. It is not necessary to own a company. Validation is done automatically by sending an approval link to the email to be certified.

To order the Secure Email for Business certificate please ensure that you have:

The domain of your email address registered to your organization.
A business phone number that can be found through a third-party directory.
Business headquarters and incorporation information.
Billing, technical and corporate authority contact details.

Upon completion of the organization validation process, we will send you an email with a link to generate the certificate directly in your browser (Chrome, Firefox, Edge, Opera or Safari). Once the certificate is generated, you can export it to a PFX file (PKCS12) in your browser.

How does DigiCert Secure Email for Business certificate validation process work?

For Secure Email for Business certificate orders, industry standards require DigiCert to validate the organization included in your certificate request before we can issue your certificate.

The validation process is required to:

Verify the legal existence of the organization and make sure it is in good standing.
Verify the legal physical address for the organization.
Confirm your authority to order a certificate for the organization.

To verify your organization's existence and status, DigiCert checks corporate registries, such as local government registration records, Dun & Bradstreet, and Business Profile on Google. DigiCert also checks for a history of fraud or phishing, and whether your organization is listed in government restricted entities or anti-terrorism databases.

Most of the organization verification work is done by DigiCert, we generally ask for very little help from you. However, a DigiCert validation agent may reach out to you for an acceptable document to help DigiCert confirm your organization is a legally and lawfully formed organization.

To prove your domain ownership, there are two options:

Email Verification: DigiCert sends an email with a verification link to five constructed email addresses for the domain: admin, administrator, webmaster, hostmaster, and postmaster @[domain_name].
DNS Verification: Add a DigiCert generated token to the domain's DNS as a TXT record.

To confirm your authority to order certificates for the organization, DigiCert must first find a verified, publicly listed organization phone number. Next, DigiCert uses the verified phone number to speak with someone who represents the organization, such as an organization or technical contact, to verify your authority to request a certificate for the organization. DigiCert can also speak to you, the certificate requestor, if another representative is unavailable.

Note: Due to the validation requirements, there may be a delay between when you place your order and when you receive your certificate. After submitting your order, the order status will show as Pending while DigiCert validates the order.

What is the issuance time for the DigiCert Secure Email for Business certificate?

The deadline will depend on the completion of the validation process.

Typically it takes DigiCert 1-5 business days to issue the certificate.

Which mail systems / clients support S/MIME Certificates?

S/MIME Certificates are natively compatible with all major email clients, internet browsers and mobile devices.

Email clients:

Microsoft Outlook
Apple Mail and MailMate
iPhone iOS Mail
Samsung Mail
CipherMail para Android
eM Client
Mozilla Thunderbird
Gnome Evolution
SeaMonkey

Web clients:

Outlook Web App (Exchange Server 2013 or 2010)
Outlook on the Web or Exchange Online (Microsoft 365 or Exchange Server 2016)
Gmail (G Suite Enterprise or Education)
Zimbra Web Client
Zoho Mail (Mail Premium or Workplace Professional)

Operating system (OS):

Windows
Linux
MacOS
iOS
Android

And any other email client or system that supports S/MIME certificates.

What are the requirements for digitally signing and encrypting an email?

First import and configure your S/MIME Certificate in your system or mail client.

To send a digitally signed email, the recipient does not need to have an S/MIME Certificate. Your digital signature will automatically be validated.

Email encryption is only possible if both sender and recipient have a valid S/MIME certificate and the public keys have been exchanged in advance. To exchange the public keys, simply exchange a digitally signed email with the recipient.

Do I need to create a backup of my S/MIME certificate?

We always recommend that our customers perform a backup of their email Certificate in PKCS#12 format. If you have a backup in place, then you can recover the certificate from the backup. You will need to import the PKCS#12 file on to your system, so that you can recover the certificate.

Always keep all the S/MIME Certificates you used, even those that have expired, so you can read encrypted emails you sent and received with it.

How do I backup my S/MIME Certificate?

After successfully collecting your S/MIME Certificate, it will then be available in a keystore used by the browser. Users can then export the certificate from the browser into a PKCS#12 (PFX/P12) format, which is going to contain the Certificate and its corresponding Private Key.

What should I do if I have lost my S/MIME Certificate?

If you have a backup of the S/MIME Certificate in PKCS#12 format, you can recover it from the backup. If you don't have a backup of the certificate, you will not be able to read any old emails encrypted using the lost certificate.

If your S/MIME Certificate is within its validity period, you can request the reissue of the certificate free of charge, but you will not be able to read any old emails encrypted using the lost certificate.

Can I use my S/MIME Certificate on other computers and mobile devices?

Yes, you can use your S/MIME Certificate on any compatible computer, smartphone or tablet. Just import the P12/PFX certificate file.

Can I recover or reset the password given to a P12/PFX file?

It is impossible to reset or recover a lost password of a PFX file. Passwords for PFX/P12 files were assigned by the user at the time of exporting it from the browser. However, if you have the access to the original system and browser used to collect the certificate, you can re-export the S/MIME Certificate into a PKCS#12 format, so that you will get a new PFX file.