Order your Secure Email for Business certificate

Use your Secure Email for Business certificate to sign and encrypt your emails. Signing authenticates your employees and company representatives as the sender, adding an extra level of assurance for email recipients, while encryption protects sensitive email data.

With this certificate, you can secure emails for individuals in your organization on your own domains. You must demonstrate control over these domains, and your organization attests that the individual on the certificate is a valid employee or company representative.

Before you begin

CSR requirement

You must provide a certificate signing request (CSR) before DigiCert can issue your Secure Email for Business certificate. You can include a CSR with your request. Or, after submitting your request, you can generate it in the browser.

Provide a CSR now.
You can only add a CSR when you place your request. After submitting your order, you cannot add or update a CSR.
Secure Email certificates support the following algorithms and key lengths:
- RSA 2048, 3072, and 4096
- ECC p-256 and p-384
We only use the public key embedded in the CSR to create your certificate. All other fields in the CSR are ignored. Learn how to Create a CSR (Certificate Signing Request).
Provide a CSR later.
After DigiCert processes your order and you complete the necessary email address validation, we send instructions to the email recipient for generating the CSR and certificate in their browser.
For browser-generated certificates, we use an RSA algorithm, SHA256 signature hash, and a 2048-bit key length CSR.
Learn how to Generate your client certificate using DigiCert's KeyGen tool.

Organization validation

Before we can issue a Secure Email for Business certificate to an employee or company representative, DigiCert must validate the organization for SMIME – SMIME Organization Validation. Organization validation is valid for 825 days. See How we validate your organization.

Use one of the following options to validate your organization:

Prevalidate the organization
CertCentral features an organization prevalidation process that allows you to validate your organization before ordering certificates. Completing the organization validation ahead of time allows for quicker certificate issuance. See Submit an organization for prevalidation.
Validate the organization as part of the order process
If you add a new organization or an organization with expired S/MIME validation, DigiCert will complete the S/MIME organization validation as part of the order process.

Email address domain requirement

Before DigiCert can issue your Secure Email for Business certificate, you must demonstrate control over the domains in the email addresses on the certificate order. In other words, if you add john.doe@example.com, you must complete the domain control validation (DCV) for the email address domain example.com.

Important

Industry standards prevent Certificate Authorities (CAs), such as DigiCert, from issuing a Secure Email for Business type certificate until domain control validation is completed for the email addresses on the certificate.

Use one of the following domain validation options to demonstrate control over the email address domain:

Prevalidate the domain
CertCentral features a domain prevalidation process that allows you to validate your domains before ordering certificates. Completing the domain validation ahead of time allows for quicker certificate issuance.
See Domain prevalidation: Domain control validation (DCV) methods.
Validate the domain as part of the order process
If you add an email address with a new domain or a domain with expired validation, you can complete the domain validation as part of the order process.
See Supported DCV methods for validating the domains on certificate orders.

Order a Secure Email for Business certificate

In the left main menu, go to Request a Certificate > Secure Email Certificates > Secure Email for Business.
On the Request Secure Email for Business Certificate page, in the For dropdown, select the division to manage the certificate.
The For dropdown only appears if your account uses Divisions.
Certificate validity
Under Certificate validity, do the following:
1. Validity period
  Select a validity period for the certificate: 1 year, 2 years, 3 years, custom expiration date, or custom length.
2. Auto-renew
  To set up automatic renewal for this certificate, check Auto-renew order 30 days before expiration.
  With auto-renew enabled, DigiCert automatically submits a request to renew the order thirty days before it expires. This option is not available if you pay with a credit card.
  You must charge the order to the account balance to use the automatic renewal option. To configure your account's finance settings, in the left main menu, go to Finances > Settings.
Organization
You can add an existing organization from your account or a new organization. If you add a new organization, it will be added to your account.
Under Organization, select Add an organization. In the Add organization window, complete the following task as needed:
- Add an existing organization.
  1. Select An existing organization.
  2. In the dropdown, select the organization and then select Add.
    If you choose an organization not validated for S/MIME certificates or if the organization's validation has expired, DigiCert must validate the organization for S/MIME validation before we can issue your certificate.
  3. Organization and technical contacts.
    DigiCert automatically adds the contacts assigned to the organization to the request form. To see the organization and technical contacts, select Show organization contacts.
- Add a new organization.
  1. Select A new organization and select Next.
  2. Under Organization address details, enter your organization's legal name, assumed name (optional), address, and phone number.
    DigiCert must validate the new organization for S/MIME validation before we can issue your certificate.
  3. When ready, select Add.
  4. Add an organization contact.
    The organization contact is the person we contact when validating the organization and verifying your authority to order a DigiCert certificate for the organization. They may also receive the following notifications: Order status updates for certificates requested for their organization and Domain status updates for domains associated with their organization.
    In the Add organization window, add yourself or someone else from your account or create a new organization contact.
    Add yourself as the organization contact.
    Select Add me as the organization contact and then select Add or Next.
    If we have all your information, you will select Add.
    If we need more information, you will select Next, enter the missing data, and then select Add.
    Add someone else as the organization contact.
    Select Add someone else as the organization contact. Then, in the Add contact dropdown, select the contact or user and then select Add or Next.
    If we have the needed user information, you will select Add.
    If we need more user information, you will select Next, enter the missing data, and then select Add.
    Create a new contact.
    Select Add someone else as the organization contact.
    In the Add contact dropdown, select Create new contact and then select Next.
    Enter the needed user information and then select Add.
- Add a technical contact for the organization (optional).
  We may contact a technical contact for inquiries regarding certificate orders for the organization. They may receive the certificate lifecycle-related emails: certificate issued, reissued, and expiring.
  1. Select Show organization contacts.
  2. Select Add technical contact (Optional) and do one of the following:
    Add yourself as the technical contact.
    Select Add me as the technical contact for the organization and then select Add or Next.
    If we have all your information, you will select Add.
    If we need more information, you will select Next, enter the missing data, and then select Add.
    Add someone else as the technical contact.
    Select Add someone else as the technical contact for the organization. Then, in the Add contact dropdown, select the contact or user and then select Add or Next.
    If we have the needed user information, you will select Add.
    If we need more user information, you will select Next, enter the missing data, and then select Add.
    Create a new contact.
    Select Add someone else as the technical contact for the organization.
    In the Add contact dropdown, select Create new contact and then select Next.
    Enter the needed user information and then select Add.
Add your CSR
You can add your CSR now or generate it in your browser after DigiCert processes your order, and we are ready to issue it.
- Generate CSR in the browser
  To generate the CSR and your certificate via the browser, select Generate CSR in the browser. For this option, we send instructions to the email recipient for using the DigiCert KeyGen tool to generate the CSR and certificate in their browser.
- I have my CSR
  To include a CSR with your request, select I have my CSR. Upload or paste your CSR in the box.
  Your CSR must include the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags.
  Important
  You can only add a CSR when placing your request. After submitting your order, you cannot add or update a CSR.
Certificate details
In your certificate details, you can include an email address or the recipient's name as the common name on the certificate.
- Email address as the common name
  1. Select Email.
  2. Under Recipient email address, enter the address you want to secure and use for the common name on the certificate and select Add.
  3. Under Additional email address (optional), enter other email addresses you want the certificate to secure and select Add.
    You can leave this box empty. You don't need to add any additional emails.
- Recipient's name as the common name
  1. Select Name.
  2. Under Recipient name, enter your First and Last names.
  3. Under Recipient email address, enter the address you want the certificate to secure and select Add.
  4. Under Additional email address (optional), enter other email addresses you want the certificate to secure and select Add.
    You can leave this box empty. You don't need to add any additional emails.
Additional certificate options
By default, all DigiCert Secure Email certificates are dual use for signing and encrypting emails. However, you can update the certificate usage to meet your needs.
- To view and use the RSA options, add an RSA CSR to the request form or generate the CSR via the browser.
- To view and use the ECC options, add an ECC CSR to the request form.
RSA options
1. Dual use - email signing and encryption
  Additional certificate usages
  - Non-repudiation
  - Data encipherment
  - Client authentication
2. Email signing only
  Additional certificate usages
  - Non-repudiation
  - Client authentication
3. Email encryption only
  Additional certificate usages
  - Data encipherment
  - Client authentication
ECC options
1. Dual use - email signing and encryption
  Additional certificate usages
  - Non-repudiation
  - Client authentication
  - Restrict key agreement
    Encipher only
    Decipher only
2. Email signing only
  Additional certificate usages
  - Non-repudiation
  - Client authentication
3. Email encryption only
  Additional certificate usages
  - Client authentication
  - Restrict key agreement
    Encipher only
    Decipher only
Additional order options
Expand Additional order options and add information as needed.
The information in this section is not required to issue your certificate. Adding comments and messaging are optional.
- Additional Renewal Message (optional)
  To create a renewal message for this certificate, type a renewal message with information that might be relevant to the certificate’s renewal. Comments and renewal messages are not included in the certificate.
- Additional emails (optional)
  Enter the email addresses (comma separated) for the people you want to receive the certificate notification emails with information such as certificate issuance and certificate renewals.
  These recipients don't manage the order. They only receive all the certificate-related emails.
- Signature Hash
  DigiCert issues RSA and ECC certificates with the SHA-256 signature hash by default. Unless you require a different signature hash, we recommend using the default.
  In the dropdown, select the signature hash you want DigiCert to use for your certificate.
  - RSA: 256, 384, and 512
  - ECC: 256 and 384
- Signature algorithm
  To get an RSA or ECC certificate with an RSASSA-PSA signature algorithm, check Sign with the RSASSA-PSS signature algorithm.
  Important
  By default, your Secure Email certificate's signature algorithm matches the algorithm in the CSR (RSA CSR – RSA signature algorithm, ECC CSR – ECC signature algorithm).
Payment information
Under Payment information, select a payment method to pay for the certificate:
- Pay with credit card
  Don’t have a contract or don’t want to use the contract to pay for this certificate? Use a credit card to pay for the certificate.
  Important
  We authorize the card when the request is made. However, we only complete the transaction once we issue your certificate.
- Pay with contract terms
  Do you have a contract and want to use it to pay for the certificate? Use the contract to pay. Note that when you have a contract, it is the default payment method.
- Pay with account balance
  Don’t have a contract or don’t want to use the contract to pay for this certificate? Bill the cost to your account balance.
  To deposit funds, select the Deposit link. Selecting the Deposit link takes you to another page inside your CertCentral account. Any information entered in the request form will not be saved.
Master Services Agreement
Read through the Master Services Agreement.
Select Submit Request.
By selecting Submit Request, you agree to the Master Service Agreement.

What's next

Before we can issue your certificate, these tasks must be completed:

Demonstrate control over the domains on your order
Complete the domain validation for the email address domains on the order (demonstrate control over the domain). See Supported DCV methods for validating the domains on certificate orders.
Complete organization validation
DigiCert must validate and authenticate your authority to order a certificate for the organization on your certificate order. To do this, we will call a verified phone number to speak with someone who represents you, the certificate requestor, such as the organization or technical contact.
To get organization consent for your certificate order:
- Answer the organization/validation phone call (preferred method)*.
  - After you submit your certificate order, ensure that the organization contact, technical contact, and company receptionist know you’ve ordered a Secure Email for Business certificate.
  - Let them know DigiCert will call a verified phone number to speak with one of them to complete organization validation/authentication.
  - This phone call usually takes place within 24 hours of the order being placed.
- Respond to the organization consent message.
  - If the DigiCert validation agent can’t reach someone who represents you at the verified phone number, they will leave a message with a call-back phone number and a verification code.
  - Make sure that the organization or technical contact responds to the message and provides the verification code.

Getting your Secure Email for Business certificate

Generate CSR in the browser
After all email addresses are validated, a link will be sent to the first email address on the list so the recipient can generate the CSR and Secure Email certificate via the browser. See Generate your client certificate.
Included a CSR with your request
If you submitted a CSR with your request, the client certificate will be attached to the "client certificate issued" email. You can also download a copy from your account.

Dans cette section:

Order your Secure Email for Business certificate

Before you begin

Important

Order a Secure Email for Business certificate

Important

Important

Important

What's next

Getting your Secure Email for Business certificate

Résultats de la recherche