Learn about S/MIME certificates and their use

Aug 20, 2024 | Jindřich Zechmeister

In this article, we will look at what S/MIME certificates are used for. We offer three types, which I will introduce. For company use, it is good to consider beforehand whether the certificate will be used by a person or a machine.

What is an S/MIME certificate and what is it used for?

Secure e-mail

An S/MIME (Secure/Multipurpose Internet Mail Extensions) certificate is a type of digital certificate used to secure email communication. This certificate allows users to digitally sign and encrypt emails, ensuring their trustworthiness and integrity and making their origin verifiable.

The main functions of an S/MIME certificate are:

  • Encryption: The S/MIME certificate allows email encryption. This means that the content of the email is converted into a format that can only be read by those with the correct key. This ensures that sensitive information contained in the email cannot be intercepted or read by unauthorized persons.
  • Digital signature: The certificate also allows digital signing of emails. A digital signature is a cryptographic operation that attaches a unique mark to the email. This confirms that the email was sent by the owner of the certificate and that the content of the email has not been altered after sending. The recipient can easily verify the origin and authenticity of the email.
  • Identity verification: The S/MIME certificate contains information about the certificate owner, which can be, for example, a name, email address, or organization name. This allows the email recipient to verify that the sender is indeed who they claim to be.
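The three functions above can be tried locally with the `openssl` command line (1.1.1 or newer). This is an added example, not SSLmarket or DigiCert code; it assumes a throwaway self-signed certificate for the constructed address alice@example.com, and all function and file names are hypothetical.

```shell
#!/bin/sh
# Added example with constructed data: a throwaway self-signed certificate
# (not CA-issued) that acts as both signer and recipient.
make_identity() {            # $1 = work directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Alice Example" \
    -addext "subjectAltName=email:alice@example.com" \
    -addext "extendedKeyUsage=emailProtection" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}
show_email() {               # identity: e-mail address bound into the certificate
  openssl x509 -in "$1/cert.pem" -noout -email
}
sign_message() {             # clear-signed message, body stays readable
  openssl smime -sign -text -in "$1/msg.txt" -signer "$1/cert.pem" \
    -inkey "$1/key.pem" -out "$1/signed.eml" 2>/dev/null
}
verify_message() {           # $2 = message file; status 0 only if intact
  # The self-signed certificate is its own trust anchor here; a real
  # client would chain the signer to the issuing CA instead.
  openssl smime -verify -in "$2" -CAfile "$1/cert.pem" -out /dev/null 2>/dev/null
}
encrypt_message() {          # encrypt to the recipient's certificate (public key)
  openssl smime -encrypt -aes256 -in "$1/msg.txt" -out "$1/enc.eml" \
    "$1/cert.pem" 2>/dev/null
}
decrypt_message() {          # only the matching private key can decrypt
  openssl smime -decrypt -in "$1/enc.eml" -recip "$1/cert.pem" \
    -inkey "$1/key.pem" 2>/dev/null
}
run_demo() {
  d=$(mktemp -d) || return 1
  printf 'Contract total: 1000 EUR\n' > "$d/msg.txt"   # constructed message
  make_identity "$d" && sign_message "$d" || return 1
  echo "certificate e-mail: $(show_email "$d")"
  verify_message "$d" "$d/signed.eml" && echo "original: signature valid"
  # Change the body after signing: the signed digest no longer matches.
  sed 's/1000 EUR/9000 EUR/' "$d/signed.eml" > "$d/tampered.eml"
  verify_message "$d" "$d/tampered.eml" || echo "tampered: verification failed"
  encrypt_message "$d"
  grep -q '1000 EUR' "$d/enc.eml" || echo "encrypted: plaintext not visible"
  decrypt_message "$d" | grep -q '1000 EUR' && echo "decrypted with private key"
  rm -rf "$d"
}
run_demo
```
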

How to use S/MIME certificates

Companies and organizations often use S/MIME certificates to enhance communication security, especially when sending sensitive information such as business offers, contracts, or personal data.

Individuals can use S/MIME certificates to ensure the confidentiality of personal email communication, for example, when sending financial information or private documents.

S/MIME certificates are supported by most modern email clients, including Microsoft Outlook, Apple Mail, and many mobile applications. An S/MIME certificate can be obtained by purchasing it from a certification authority, which verifies the applicant's identity and issues the certificate.

S/MIME certificates in our offer

In the SSLmarket offer, we have 3 types of certificates for email signing. They differ mainly according to verification:

  1. Certificate for an individual - corresponds to the Class 1 verification level, which was also its previous name. It contains only the person's email, and the product is called Secure Email for Individual.
  2. Certificate for a company - corresponds to the Class 2 verification level. It includes the verified organization. In addition to the company name, it can also include employee information, depending on which type you choose: Secure Email for Organization or Secure Email for Business.

The mentioned Class 2 certificates for companies differ in that Secure Email for Organization only includes the company name, while Secure Email for Business includes the company name along with the person's (employee's) name and email.

How to use the S/MIME certificate appropriately

Secure Email for Organization is suitable for machine use, similar to how an electronic seal is used instead of an electronic signature. If the emails are sent by a machine, such as newsletters, use this type of S/MIME certificate. It will not include any person, only the company and the corresponding email.

Secure Email for Business, which includes the employee's name and email, is suitable for regular communication. This is the usual type for electronic communication within and outside the company.

Secure Email for Individual is then used by customers for personal purposes or by people who do not have their own company.

Trustworthiness of S/MIME certificates

DigiCert S/MIME certificates are fully trustworthy, meaning they are trusted by all programs (e.g., Outlook) from all manufacturers. You can count on 100% trustworthiness across all platforms.

From the perspective of identity verification level, these are Guaranteed (Advanced) certificates. They bring all the benefits of electronic signatures and cryptographic guarantees but do not reach the identity verification level of Qualified certificates. Therefore, you cannot use them, for example, for submissions to public administration, and when signing a contract they will not be recognized at the level of a handwritten signature. But that is perfectly fine because we don't expect that from them either. Qualified certificates are intended for other uses and for a different group of customers, primarily for proving identity (eIDAS).