Client (S/MIME) Certificates
S/MIME Certificates for Encrypted emails

Encrypt every email with S/MIME Certificates

Prevent message hijacking and manipulation.
That’s digital trust for the real world.

Organization-wide email encryption for businesses of every size

Email encryption is a must-have in today’s digital world, especially for growing companies and global enterprises. 300 billion emails travel the internet every day, and most are completely exposed to anyone interested in stealing information, manipulating messages or monitoring senders and recipients.

S/MIME, which stands for Secure/Multipurpose Internet Mail Extensions, is a security standard supported by all major email applications, including Apple Mail, Microsoft Outlook and Exchange, mobile OS email apps and more. DigiCert S/MIME certificates for business validate your senders, email addresses and organization, ensuring every email is signed and encrypted to prevent phishing and tampering.


End-to-end security for plain-text emails, data and attachments

Cyberattacks are growing more sophisticated, but that doesn’t stop individuals and small-business owners from hitting send on sensitive messages like financial contracts, tax documents and medical information. Email privacy has never been more important than it is today—and transparent email encryption with S/MIME makes it possible.

By securing your personal or small-business email with a DigiCert S/MIME certificate (also known as an email signing certificate or personal authentication certificate), you can easily encrypt and digitally sign every message to protect yourself against phishing, spoofing and man-in-the-middle attacks.

Flexible S/MIME options

Secure Email for Individual

$59/year (or $113/year with 2-year plan)

Ideal for individuals and small businesses

Emails encrypted end-to-end

Prevent email fraud with digitally signed emails

Digitally sign Microsoft Office files (.docx, .pptx, .xlsx, etc.)

Supported by popular email clients like Apple Mail and Microsoft Outlook

Validates sender’s email address

Free standard support

Secure Email for Business

$119/year (or $226/year with 2-year plan)

Ideal for medium to large organizations

Emails encrypted end-to-end

Prevent email fraud with digitally signed emails

Digitally sign Microsoft Office files (.docx, .pptx, .xlsx, etc.)

Supported by popular email clients like Apple Mail and Microsoft Outlook

Validates sender’s name

Validates email address

Validates the organization or company

Free standard support

How S/MIME works

Encrypting an email ensures that no one but the person you sent it to can read your message, while signing the message lets the recipient verify the authenticity and origin of your email.

An S/MIME certificate provides you with a public and private key pair. Your secret private key signs messages you send and decrypts messages sent to you. Your public key is shared so that people receiving your messages can verify your signature and so that senders can encrypt messages only you can read.

After installing the certificate, this process is transparent with most email providers like Apple, Google, Microsoft and Yahoo.


Signing emails for even more trust

Attaching a digital signature to an email adds an extra layer of security and trust to every message you send. Your digital signature (and the S/MIME certificate and public key it contains) originates from your validated digital identity, which serves as your unique digital fingerprint. It locks the original message while it travels from your outbox to the recipient’s inbox, offering reassurance that the message is from you and that its contents haven’t been manipulated in any way.
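The sign, verify and encrypt steps described in this section, run with the OpenSSL command line as an added example (not DigiCert code): a signed message that is changed in transit fails verification, and only the private key decrypts. The identity, the message and the self-signed certificate are constructed stand-ins for a CA-issued S/MIME certificate.

```bash
#!/usr/bin/env bash
# Added example, not DigiCert code. Identity, message and the self-signed
# certificate are constructed stand-ins for a CA-issued S/MIME certificate.

smime_demo() {
  local d result=""
  d=$(mktemp -d) || return 2

  # Key pair plus certificate. The private key stays with its owner;
  # the certificate (public key) is what correspondents receive.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=John Smith/emailAddress=John.Smith@example.com" \
    -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null || return 2

  printf 'Please pay invoice 1001 to account A.\n' > "$d/msg.txt"

  # Sender signs with the private key (clear-signed multipart/signed output).
  openssl smime -sign -text -in "$d/msg.txt" -signer "$d/cert.pem" \
    -inkey "$d/key.pem" -out "$d/signed.eml" 2>/dev/null || return 2

  # Recipient verifies the signature against the sender's certificate.
  if openssl smime -verify -in "$d/signed.eml" -CAfile "$d/cert.pem" \
       -out /dev/null 2>/dev/null; then result="verify=ok"
  else result="verify=fail"; fi

  # A change made after signing no longer matches the signed digest.
  sed 's/account A/account B/' "$d/signed.eml" > "$d/tampered.eml"
  if openssl smime -verify -in "$d/tampered.eml" -CAfile "$d/cert.pem" \
       -out /dev/null 2>/dev/null; then result="$result tampered=accepted"
  else result="$result tampered=rejected"; fi

  # Anyone holding the certificate can encrypt; only the private key decrypts.
  openssl smime -encrypt -aes256 -binary -in "$d/msg.txt" \
    -out "$d/enc.eml" "$d/cert.pem" 2>/dev/null || return 2
  if openssl smime -decrypt -in "$d/enc.eml" -recip "$d/cert.pem" \
       -inkey "$d/key.pem" 2>/dev/null | grep -q 'invoice 1001'; then
    result="$result decrypt=ok"
  else result="$result decrypt=fail"; fi

  rm -rf "$d"
  echo "$result"
}

smime_demo
```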

 

The S/MIME authentication process

Identity is the backbone of S/MIME certificates. That’s why DigiCert protects you and your recipients by conducting a thorough validation and authentication process before issuing your certificate. DigiCert's validation and authentication process complies with official standards and is subject to regular external audits.

System requirements

Desktop or laptop computer

Chrome, Firefox, Opera, Safari or other modern browser

Use the same system to order and collect the certificate in the PKCS 12 format

Prerequisites

When ordering a secure email certificate, submit a Certificate Signing Request (CSR/PKCS 10) you created or one generated for you on the DigiCert website during the order process

Order overview

Ordering and collecting your certificate is a four-step process:

  1. Order the certificate. At checkout, enter the registered domain of your email address (the part after the @) in the Primary Domain field. For example, if John Smith’s email address is John.Smith@example.com, John would enter example.com in the Primary Domain field.
  2. Request the certificate. You must provide your personal details for the certificate, along with a Certificate Signing Request (CSR).
  3. Download the certificate.
  4. Install the certificate.

Note: Due to validation requirements, there may be a delay between placing your order and receiving your certificate. After submitting your order, the order status will show as Pending while DigiCert validates the order. When you receive an email notifying you that your order has been approved, you can proceed to creating the certificate request.
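One way to meet the CSR prerequisite and carry the order through to a PKCS 12 file with OpenSSL, as an added example that is not DigiCert tooling. File names and the export password are assumptions, and a self-signed certificate stands in for the one DigiCert would issue.

```bash
#!/usr/bin/env bash
# Added example, not DigiCert tooling. File names and the export password are
# assumptions; the self-signed certificate stands in for the issued one.

# Step 1: the Primary Domain is the part of the address after the @.
primary_domain() { printf '%s\n' "${1#*@}"; }

# Step 2: create the key pair and PKCS #10 CSR locally. Only the CSR is
# submitted; the private key never leaves this system.
make_csr() {   # make_csr <email> <common-name> <dir>
  ( umask 077  # key file readable by its owner only
    openssl req -new -newkey rsa:2048 -nodes \
      -subj "/CN=$2/emailAddress=$1" \
      -keyout "$3/smime.key" -out "$3/smime.csr" 2>/dev/null )
}

# Check before submitting: self-signature is valid, subject carries the address.
check_csr() {  # check_csr <csr> <email>
  openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
  openssl req -in "$1" -noout -subject | grep -qF "$2"
}

# Steps 3-4: the certificate only pairs with the key on the system that made
# the CSR, so the PKCS 12 bundle is built there. The pass: form is for the
# demo only; leave -passout off to be prompted instead.
make_p12() {   # make_p12 <dir> <certificate> <password>
  openssl pkcs12 -export -inkey "$1/smime.key" -in "$2" \
    -out "$1/smime.p12" -passout "pass:$3" 2>/dev/null
}

run_demo() {
  local d email="John.Smith@example.com"
  d=$(mktemp -d) || return 2
  make_csr "$email" "John Smith" "$d" && check_csr "$d/smime.csr" "$email" || return 1
  # Constructed stand-in for the CA's answer to the CSR.
  openssl x509 -req -in "$d/smime.csr" -signkey "$d/smime.key" -days 1 \
    -out "$d/issued.crt" 2>/dev/null || return 1
  make_p12 "$d" "$d/issued.crt" "example-only" || return 1
  openssl pkcs12 -in "$d/smime.p12" -passin pass:example-only -nokeys 2>/dev/null |
    grep -q 'BEGIN CERTIFICATE' || return 1
  rm -rf "$d"
  echo "domain=$(primary_domain "$email") csr=ok p12=ok"
}

run_demo
```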

Related resources

VIDEO: Verified Mark Certificates for Email Integrity

GUIDE: DMARC is the foundation of verified email—and a good idea for every organization.

BLOG: Securing email: Digital trust in communications


Frequently asked questions

Is an S/MIME certificate the same as a client certificate?

You’ll sometimes hear S/MIME certificates referred to as client certificates, but they’re actually two different things. Client certificates use client authentication to provide additional authentication and access control by checking client certificates at the server, preventing a client from obtaining a connection without an approved certificate.

What is client certificate authentication and how is it different from S/MIME?

Client certificate authentication generally describes the process that happens when a laptop or other user device uses a digital certificate to prove its identity to a server. Client certificates can also be used to encrypt network communication between two devices using TLS. Large organizations typically use this type of authentication to ensure only trusted devices are allowed to connect to the network.

S/MIME certificates are specific to email. Unlike a client certificate used for authentication and TLS encryption, S/MIME certificates encrypt email messages, ensuring they're only decrypted when viewed by the intended recipient.

The key difference is that the TLS encryption used in client certificate authentication only encrypts the communication between your email software and your email server, not between sender and recipient.

What industries require email encryption for compliance in communications?

Healthcare, insurance, retail and the defense industrial base are a few of the industries that commonly require the encryption of sensitive data in email. For example, PCI DSS requirement 3.4 states that cardholder data must be rendered unreadable wherever it’s stored. Encryption is one of the methods for meeting this requirement.

Under HIPAA, covered entities must have controls to ensure the confidentiality and integrity of protected healthcare information. HIPAA also includes a public breach disclosure requirement that organizations can avoid if the PHI was encrypted at the time of unauthorized access.

As a final example, information subject to U.S. export controls must be secured with end-to-end encryption such that only the intended recipient(s) can access it. Seek the advice of a qualified professional to assess your needs relative to any compliance obligations you have.

Does a client certificate meet the same compliance standards as S/MIME certificates?

A premium client certificate from DigiCert could be used to authenticate clients to servers, sign documents and secure email. But this isn't always the case, as these use cases are governed by different browser and CA/B Forum requirements.

How can my company help prevent email phishing?

Preventing phishing requires multiple layers of email security, including enabling S/MIME, enforcing DMARC, and taking advantage of brand indicators.

As part of phishing schemes, attackers often spoof company emails, sending malicious messages that appear to originate from the company or even from individual employees. Most companies don’t know when attackers are doing this. And when customers get scammed, it can erode customer loyalty and increase support costs and fraud losses.

By enforcing a DMARC policy at the company level, you can make it more difficult for attackers to spoof your domain. Using S/MIME to sign emails also provides tangible proof to the recipient that the message was not sent from a spoofed or impostor account.

Brand indicators like BIMI use Verified Mark Certificates (VMC) with DMARC enforcement to provide an added layer of assurance to customers. DMARC helps improve delivery of your emails, but a VMC can help your customers know that the email is actually from your company by displaying your logo next to the email in their inbox.