Email Certificates (SMIME Certificates)
Email certificates, also known as SMIME certificates, are digital certificates that can be used to sign and encrypt email messages. When you encrypt an email using an email certificate, only the person that you sent it to can decrypt and read the email. The recipient can also be sure that the email hasn’t been changed in any way.
Why do I need email certificates?
If you don’t use an email certificate, your emails can be read by anyone, or any server, that is used to pass the emails to the recipient. This can be a lot people. This would be like sending a postcard through the mail so that all of the postal workers and anyone who really wants to can read it. With an email certificate, you are 100% guaranteed to have secure email while it is being transmitted.
Some email servers use a different kind of certificate called a server authentication SSL certificate. This secures all email transmissions from the server to your local computer, but once you send an email to another email account on another email server, it leaves that safe haven and travels to the unprotected lines of the Internet where anyone can read it. An SMIME certificate ensures end-to-end security.
How do I get email certificates?
The process of getting an email certificate is very simple. You simply apply for one from an SSL Certificate Authority and then prove that you own your email address. You’ll typically respond to an email that the certificate provider sends to your address. They will then send you the certificate file that you can install to your email client using the instructions below.
Some email certificates are free for personal use while others cost money. Use the following chart to find an email certificate provider:
Trusted By Default?
$30 for 1 Year
$13 for 1 Year for Basic
$34 for 1 Year
Email and Client Certificates
How do I install an SMIME certificate?
For step-by step instructions on how to order and install an SMIME certificate, see the following tutorials:
How does an SMIME Email Certificate work?
Once you install the SMIME (Secure / Multipurpose Internet Mail Extensions) certificate in your email client, you will send a signed email to people that need to send encrypted emails to you. Your contacts’ email client should automatically download your certificate add it the address book. From then on, your contacts can send you encrypted emails by clicking the “Encrypt” button when creating a new email. Different email clients handle this differently than others so make sure to check the documentation of the email client that you use.
What email clients can I use with an SMIME certificate?
Unfortunately, most webmail clients (OWA, Gmail, Hotmail, Yahoo), do not currently support SMIME certificates, but most desktop email clients, including the following, do support email certificates:
- Microsoft Outlook
- Outlook Express
- Mozilla Thunderbird
- Apple Mail.app
- Netscape Messenger
- Qualcomm Eudora
Problems with Email certificates
- Not all email clients support SMIME certificates so users may be confused by the smime.p7s attachment on emails.
- Email certificates aren’t normally considered practical for webmail clients because the private key would need to be kept on the server, preventing end-to-end encryption.
- Malware can be sent to in an encrypted email without being stopped by a company gateway.
- The private key of the SMIME certificate could be lost and the messages would not be readable.
Originally posted on Tue Sep 15, 2009