Email Certificates (SMIME Certificates)

Email Certificates

Email certificates, also known as SMIME certificates, are digital certificates that can be used to sign and encrypt email messages. When you sign an email using an email certificate, only the person that you sent it to can decrypt and read the email.  The recipient can also be sure that the email hasn’t been changed in any way.

Why do I need email certificates?

If you don’t use an email certificate, your emails can be read by anyone, or any server, that is used to pass the emails to the recipient. This can be a lot people. This would be like sending a postcard through the mail so that all of the postal workers and anyone who really wants to can read it. With an email certificate, you are 100% guaranteed to have secure email while it is being transmitted.

Some email servers use a different kind of certificate called a server authentication SSL certificate. This secures all email transmissions from the server to your local computer, but once you send an email to another email account on another email server, it leaves the safe haven and travels to the unprotected lines of the Internet where anyone can read it. An SMIME certificate ensures end-to-end security.

How do I get email certificates?

The process of getting an email certificate is very simple. You simply apply for one from an SSL Certificate Authority and then prove that you own your email address. You’ll typically respond to an email that the certificate provider sends to your address. They will then send you the certificate file that you can install to your email client using the instructions below.

Some email certificates are free for personal use while others cost money. Use the following chart to find an email certificate provider:

Provider

Cost

CA Rating

Trusted By Default?

More Info

Comodo

Free for personal use
From $12 for business use

Personal Email Certificates
Business Email Certificates

Verisign

$19.95

Digital IDs for Secure Email

Startcom

Free

S/MIME Certificates

GeoTrust

$19.95

My Credential Certificates

CACert

Free

 

Email and Client Certificates

How do I install an SMIME certificate?

For step-by step instructions on how to order and install and SMIME certificate, see the following tutorials:

How does an SMIME Email Certificate work?

Once you install the SMIME (Secure / Multipurpose Internet Mail Extensions) certificate in your email client, you will send a signed email to people that need to send encrypted emails to you. Your contacts’ email client should automatically download your certificate add it the address book. From then on, your contacts can send you encrypted emails by clicking the “Encrypt” button when creating a new email. Different email clients handle this differently than others so make sure to check the documentation of the email client that you use.

What email clients can I use with an SMIME certificate?

Unfortunately, most webmail clients (OWA, Gmail, Hotmail, Yahoo), do not support SMIME certificates, but most desktop email clients, including the following, do support email certificates:

  • Microsoft Outlook
  • Outlook Express
  • Mozilla Thunderbird
  • Apple Mail.app
  • Netscape Messenger
  • Qualcomm Eudora

Problems with Email certificates

  • Not all email clients support SMIME certificates so users may be confused by the smime.p7s attachment on emails.
  • Email certificates aren’t normally considered practical for webmail clients because the private key would need to be kept on the server, preventing end-to-end encryption.
  • Malware can be sent to in an encrypted email without being stopped by a company gateway.
  • The private key of the SMIME certificate could be lost and the messages would not be readable.

 Digg  del.icio.us  Reddit

Posted on September 15, 2009
Dean Stefanov
Posts: 2
Comment
Re: Signing an e-mail
Reply #2 on : Sun December 09, 2012, 03:35:33
Signing an encrypting an e-mail are two separate processes.

The statement "when you sign an email using an email certificate, only the person that you sent it to can decrypt and read the email." is not correct.

If you have a SMIME certificate you can sign your outgoing e-mails. The recipients, will know that the e-mails were send really from you, and that the e-mails were not tampered with. These e-mails are not encrypted, though!

Once the recipient has your public key (an email signed with your digital signature), he can decide to encrypt the e-mails he is sending back to you, with your public key. These emails are encrypted, and can be decrypted only by you (or a person, having your private key).

Regards,

Dean
Bernd Webster
Posts: 2
Comment
S/Mime is also supported by Lotus Notes
Reply #1 on : Fri December 18, 2009, 14:03:51
S/Mime is also supported by Lotus Notes since Version 7 ;-).

Write a comment


If you have trouble reading the code, click on the code itself to generate a new random code.
Security Code:
 
Post Comment