S/MIME Certificate - Secure Email Encryption

Enable secure email communications, protect against a wide range of cyber threats, and prevent data breaches.

DigiCert S/MIME Certificates digitally sign and encrypt your emails, confirming your true identity as a verified sender and ensuring the confidentiality and integrity of your email communications.

Digital signatures identify and validate the sender, proving the origin of the email and ensuring that it has not been tampered on delivery. This helps users identify and avoid phishing scams.

End-to-end encryption protects the content of the email by making it unreadable to anyone other than the intended recipient. The S/MIME certificate enhances privacy and data security. Stay compliant with laws and regulations around the world.

Comprehensive email protection for you, your business, and your customers. S/MIME certificates give you confidence in your communications and help prevent the kinds of email-based attacks that can damage your business.


Compare S/MIME Email Certificates

The best S/MIME Certificates from DigiCert, the world's largest high-assurance certificate authority.

Price per email address
Secure Email for Individual
Secure Email for Business
S/MIME Certificate Type
Secure Email for Individual
Class 1
Secure Email for Business
Class 2 (Client Premium)
Validation type
Secure Email for Individual
DV (Email Verification)
Secure Email for Business
OV (Organization Verification)
Issuance Time
Secure Email for Individual
Auto-validation, issuance in minutes
Secure Email for Business
2-3 Days
Verifies owner's email
Secure Email for Individual
Secure Email for Business
Verifies the sender's name and your company name
(Provides an additional level of security for email recipients)
Secure Email for Individual
Secure Email for Business
Email Signing
Secure Email for Individual
Secure Email for Business
Encrypt and Decrypt the Sent & Received emails
Secure Email for Individual
Secure Email for Business
Auto Encryption of Email Reply
Secure Email for Individual
Secure Email for Business
Sign MS Office and Open Office documents with digital signatures
Secure Email for Individual
Secure Email for Business
Two-Factor Authentication
Secure Email for Individual
Secure Email for Business
FDA ESG Compliant
Secure Email for Individual
Secure Email for Business
All prices do not include VAT
Assinatura anual

12 month

auto-renewing subscription.

Digitally signed and encrypted email with S/MIME certificate
Secure Email
Secure Email Signing & Encryption

Protect your employees, partners and customers from phishing attacks and data leaks, and prevent hackers from reading your email. The DigiCert S/MIME certificate will apply its own cryptographic signature to all your emails so recipients can quickly verify that the email is from you (and not a cybercriminal). In addition, end-to-end encryption protects the content of your emails to protect personal data, passwords, business secrets, and other sensitive information sent via email.

Document Signing
Document Signing

An additional benefit of the DigiCert Premium S/MIME certificate is that it allows you to digitally sign Microsoft Office and Open Office documents. This means that anyone who is receiving the document will have proof that the document comes from who they say it comes from, and will know that there has been no tampering with the document during transit.

Client Authentication
Two-Factor Authentication

Another additional benefit provided by the S/MIME certificate is that it allows you to increase the protection of your network, applications, and servers with certificate-based two-factor authentication.

FDA ESG Compliant

To do business with the FDA (Food and Drug Administration), it is mandatory to encrypt your emails. ESG (Electronic Submission Gateways) verifies the identity of the sender before sending your email to the FDA office.

How S/MIME Certificates Protect Your Emails




No way to prove sender is author

Email could be intercepted

Email could be received by unintended party

Plaintext email can be viewed by others




Proves authorship

Shows the email came from you

Prevents tampering

Ensures message privacy

Keeps sensitive info private

Benefits of DigiCert Secure Email For Business Certificate

Confirm sender identity and email integrity

When you digitally sign your e-mails, the recipient has the assurance that the email comes from a verified and trusted source and that it has not been altered in transit.

Keep message content secure

Guarantees confidentiality. The S/MIME certificate encrypts the e-mail and attachments, so only the sender and recipient can read them.

Avoid email-based attacks

By encrypting and using digital signatures, S/MIME certificates help protect users from phishing, spoofing, and other types of email fraud.

Maintain Compliance

Encrypting your email with S/MIME certificates is a necessary approach to maintaining compliance. Several privacy laws and regulations require encryption to protect sensitive data, including GDPR, HIPAA, LGPD, DFARS, and PCI-DSS.

Native compatibility and easy to deploy

No additional software is required. S/MIME certificates are compatible with all major email clients, Internet browsers and mobile devices. For most clients, digitally signing and/or encrypting an email is as easy as clicking a button.

Protects your network and servers

Certificate-based authentication is far more secure than password authentication, which is susceptible to attacks, phishing, brute force, and interception.

S/MIME Certificates Solution FAQs
What is required to order the DigiCert S/MIME Certificate?

The S/MIME Certificate is issued per user (per email address). For example: If you want to use the S/MIME Certificate for 5 users in your company, you need to order 5 S/MIME Certificates.

All you need to apply for the Secure Email for Individual certificate is a valid email account. It is not necessary to own a company. Validation is done automatically by sending an approval link to the email to be certified.

To order the Secure Email for Business certificate please ensure that you have:

  • The domain of your email address registered to your organization.
  • A business phone number that can be found through a third-party directory.
  • Business headquarters and incorporation information.
  • Billing, technical and corporate authority contact details.

Upon completion of the organization validation process, we will send you an email with a link to generate the certificate directly in your browser (Chrome, Firefox, Edge, Opera or Safari). Once the certificate is generated, you can export it to a PFX file (PKCS12) in your browser.

How does DigiCert Secure Email for Business certificate validation process work?

For Secure Email for Business certificate orders, industry standards require DigiCert to validate the organization included in your certificate request before we can issue your certificate.

The validation process is required to:

  • Verify the legal existence of the organization and make sure it is in good standing.
  • Verify the legal physical address for the organization.
  • Confirm your authority to order a certificate for the organization.

To verify your organization's existence and status, DigiCert checks corporate registries, such as local government registration records, Dun & Bradstreet, and Business Profile on Google. DigiCert also checks for a history of fraud or phishing, and whether your organization is listed in government restricted entities or anti-terrorism databases.

Most of the organization verification work is done by DigiCert, we generally ask for very little help from you. However, a DigiCert validation agent may reach out to you for an acceptable document to help DigiCert confirm your organization is a legally and lawfully formed organization.

To prove your domain ownership, there are two options:

  • Email Verification: DigiCert sends an email with a verification link to five constructed email addresses for the domain: admin, administrator, webmaster, hostmaster, and postmaster @[domain_name].
  • DNS Verification: Add a DigiCert generated token to the domain's DNS as a TXT record.

To confirm your authority to order certificates for the organization, DigiCert must first find a verified, publicly listed organization phone number. Next, DigiCert uses the verified phone number to speak with someone who represents the organization, such as an organization or technical contact, to verify your authority to request a certificate for the organization. DigiCert can also speak to you, the certificate requestor, if another representative is unavailable.

Note: Due to the validation requirements, there may be a delay between when you place your order and when you receive your certificate. After submitting your order, the order status will show as Pending while DigiCert validates the order.

What is the issuance time for the DigiCert Secure Email for Business certificate?

The deadline will depend on the completion of the validation process.

Typically it takes DigiCert 1-5 business days to issue the certificate.

Which mail systems / clients support S/MIME Certificates?

S/MIME Certificates are natively compatible with all major email clients, internet browsers and mobile devices.

Email clients:

  • Microsoft Outlook
  • Apple Mail and MailMate
  • iPhone iOS Mail
  • Samsung Mail
  • CipherMail para Android
  • eM Client
  • Mozilla Thunderbird
  • Gnome Evolution
  • SeaMonkey

Web clients:

  • Outlook Web App (Exchange Server 2013 or 2010)
  • Outlook on the Web or Exchange Online (Microsoft 365 or Exchange Server 2016)
  • Gmail (G Suite Enterprise or Education)
  • Zimbra Web Client
  • Zoho Mail (Mail Premium or Workplace Professional)

Operating system (OS):

  • Windows
  • Linux
  • MacOS
  • iOS
  • Android

And any other email client or system that supports S/MIME certificates.

What are the requirements for digitally signing and encrypting an email?

First import and configure your S/MIME Certificate in your system or mail client.

To send a digitally signed email, the recipient does not need to have an S/MIME Certificate. Your digital signature will automatically be validated.

Email encryption is only possible if both sender and recipient have a valid S/MIME certificate and the public keys have been exchanged in advance. To exchange the public keys, simply exchange a digitally signed email with the recipient.

Do I need to create a backup of my S/MIME certificate?

We always recommend that our customers perform a backup of their email Certificate in PKCS#12 format. If you have a backup in place, then you can recover the certificate from the backup. You will need to import the PKCS#12 file on to your system, so that you can recover the certificate.

Always keep all the S/MIME Certificates you used, even those that have expired, so you can read encrypted emails you sent and received with it.

How do I backup my S/MIME Certificate?

After successfully collecting your S/MIME Certificate, it will then be available in a keystore used by the browser. Users can then export the certificate from the browser into a PKCS#12 (PFX/P12) format, which is going to contain the Certificate and its corresponding Private Key.

What should I do if I have lost my S/MIME Certificate?

If you have a backup of the S/MIME Certificate in PKCS#12 format, you can recover it from the backup. If you don't have a backup of the certificate, you will not be able to read any old emails encrypted using the lost certificate.

If your S/MIME Certificate is within its validity period, you can request the reissue of the certificate free of charge, but you will not be able to read any old emails encrypted using the lost certificate.

Can I use my S/MIME Certificate on other computers and mobile devices?

Yes, you can use your S/MIME Certificate on any compatible computer, smartphone or tablet. Just import the P12/PFX certificate file.

Can I recover or reset the password given to a P12/PFX file?

It is impossible to reset or recover a lost password of a PFX file. Passwords for PFX/P12 files were assigned by the user at the time of exporting it from the browser. However, if you have the access to the original system and browser used to collect the certificate, you can re-export the S/MIME Certificate into a PKCS#12 format, so that you will get a new PFX file.