Check your S/MIME certificate if it complies with the new rules valid from 1/9/2023
(23/08/2023) Issuing S/MIME certificates has not yet been regulated by CA/B forms, so each certification authority could issue them in its own way. Unification is now taking place and from 8/29/2023 S/MIME certificates will be issued according to the new rules (to correspond to the general rules valid from 9/1). The DigiCert verifier will tell you whether your certificate will be suitable in the future or whether something will change during renewal.
Major changes to S/MIME certificates
The Base-line criteria for issuing certificates are not reading for ordinary mortals. Therefore, it is good to point out the main changes that will occur in the release.
The main change is the new verification method, which is based on the new verification requirements of the organizations to which the CA issues these certificates. This contributes to their higher security and the customer will not notice them at all. Perhaps only in the form of faster issuance of the certificate. New requirements will also be applied to email address verification.
It will not be possible to have an e-mail address in Document Signing certificates and this type of certificate cannot be used for e-mail security. However, this is a change that probably none of the owners of the Document Signing certificate will notice.
The most visible change that the customer can already notice is the dropping of the organization unit (OU) in the certificate; this field will no longer be used. The SubjectDN field for the Organization Identifier and new Object Identifiers (OIDs) will appear in certificates; but these are already very specific technical details.
DigiCert has prepared a tool for checking certificates
You can confront your current S/MIME certificate with the new criteria and test whether it meets them or not. You can find the certificate checker at Is your S/MIME certificate compliant? Insert your certificate in PEM (Base64) format as you received it from us by e-mail or as you downloaded it from SSLmarket. Checker can detect up to 150 potential bugs that do not match the new Base-line criteria and will need to be fixed in the future.
How does the change affect current certificate holders?
There is no need to change anything for currently valid S/MIME certificates. They will be valid until their expiration date and no action is required. The new rules apply only to those newly issued from 1 September 2023. If any property or information does not comply with the new rules, it will be excluded from the certificate. Most customers will not even notice the change.
