Skip to main content

Request secure email certificate

Notice

As of March 13, 2025, DigiCert checks, processes, and abides by DNS Certification Authority Authorization (CAA) resource records for email domains before issuing secure email certificates. Confirm that your email domain's CAA records authorize DigiCert to issue S/MIME certificates before submitting the request. See Manage DNS CAA records.

Use these steps to request a secure email (S/MIME) certificate in CertCentral . Secure email certificates enable email encryption and digital signing to verify sender identity and protect message content.

This procedure applies to Enterprise, Partner, and Legacy accounts.

Notice

For Subscription accounts, request DV certificates through your active subscription. In the CertCentral menu, go to My digital trust products > My subscription. Find the relevant subscription and select Actions > Request a certificate. See Request a secure email certificate from a CertCentral subscription.

Before you begin

  • The organization must be active and validated for S/MIME in your account.

  • The email address domains included in the certificate must be validated.

  • Confirm the email address and subject information match the intended certificate holder.

Start a certificate request

  1. In the CertCentral main menu, go to Certificates > Request certificate.

  2. Select Secure Email certificate

    Available products:

    • Secure Email for Individual Mailbox

    • Secure Email for Employee

    • Secure Email for Org

Enter certificate details

  1. Enter the email address to be included in the certificate.

  2. Enter the certificate subject information as required.

  3. Select the certificate validity period.

  4. Generate or upload the certificate signing request (CSR), or leave blank if the recipient will generate the certificate via browser after receiving the issuance email.

Ensure the email address and subject information match the intended certificate holder.

Select or add the organization

  1. Select an existing validated organization from the list.

  2. If the organization is not listed, select Add organization and complete the organization details.

If the organization has not been validated for S/MIME, DigiCert must complete S/MIME organization validation before issuance.

Submit the request

  1. Review the order details.

  2. Select the payment method.

  3. Read and accept the Certificate Services Agreement.

  4. Select Submit.

After submission, the certificate remains pending until required domain and organization validation are complete.

If the order does not include a CSR, CertCentral sends an email to the recipient with a link to generate the CSR and secure email certificate via browser. The certificate is issued after the recipient completes the browser-based generation process.

Related topics

Manage DNS CAA records to confirm CAA records authorize DigiCert to issue S/MIME certificates

What's next

Manage pending orders to monitor the status of your submitted request and complete any outstanding validation steps

In diesem Abschnitt: