Secure Email products
DigiCert offers three types of Secure Email Certificates to sign and encrypt your emails. Signing confirms your emails as coming from you, while encryption protects sensitive email data. Our Secure Email Certificates are compatible with most email clients, such as Microsoft Outlook, Gmail, and Yahoo.
Belangrijk
End of life for the Legacy certificate profile
On July 10, 2025, DigiCert stopped accepting Secure Email certificate requests using the Legacy certificate profile. All new certificate requests must use the Strict or Multipurpose certificate profile. This change affects new, renewed, and reissued certificate requests.
To learn more about this change:
DigiCert updated the names of two Secure Email products
On August 12, DigiCert updated two of the Secure Email product names. Secure Email for Individual is now Secure Email for Individual Mailbox and Secure Email for Business is now Secure Email for Employee. Read our August 12, change log entry.
Secure Email for Individual Mailbox
With Secure Email for Individual Mailbox certificates, secure emails from public email service providers such as Gmail, Outlook, Yahoo, Hotmail, and MSN and on your email domains.
The industry refers to this S/MIME certificate as a mailbox-validated email certificate because Certificate Authorities (CAs) validate the email addresses included on the certificate.
Secure Email for Organization
With Secure Email for Organization certificates, secure emails for your organization on your email domains. Like TLS certificates, you must demonstrate control over your email domains.
The industry refers to this S/MIME certificate as an organization-validated email certificate because CAs validate the organization. These certificates are ideal for securing emails from shared or other email addresses not assigned to a specific individual.
Secure Email for Employee
With Secure Email for Employee certificates, secure emails for individuals in your organization on your email domains. Like TLS certificates, you must demonstrate control over your email domains.
The industry refers to this S/MIME certificate as a sponsor-validated email certificate. With this certificate, the organization attests that the individual is a valid employee or company representative. CAs validate the organization the individual represents or employed by, not the individual.
Old S/MIME products
On July 10, 2025, DigiCert end of life our old S/MIME products in CertCentral: Premium, Email Security Plus, Digital Signature Plus, and Class 1 S/MIME. DigiCert replaced these products with our new Secure Email Certificates.
To learn more about DigiCert’s deprecation of the old S/MIME products, see the CertCentral: Updates to the S/MIME certificate process section in our knowledge base article.
Old S/MIME certificate* | Replacement certificate |
|---|---|
Class 1 S/MIME | Secure Email for Individual Mailbox |
| Secure Email for Employee |
*If using the CertCentral Services API, you can still order Premium, Email Security Plus, Digital Signature Plus, and Class 1 S/MIME certificates until we deprecate them in early 2026. See the CertCentral Services API: Updates to S/MIME Endpoint Integrations section in our knowledge base article. | |
How will the renewal process work?
When you renew an old S/MIME certificate, we’ll redirect you to its replacement certificate:
Class 1 S/MIME certificate renewals will redirect to our new Secure Email for Individual Mailbox certificate.
Premium, Email Security Plus, and Digital Signature Plus certificate renewals will redirect to our new Secure Email for Employee certificate.
How the reissue process works?
You can still reissue your Premium, Email Security Plus, and Digital Signature Plus certificates if needed. However, the reissue process may work differently due to the industry changes implemented on July 10, 2025, especially if using an email address as the common name in your certificate.
Multipurpose certificate profile changes to old S/MIME certificate reissues
DigiCert issued our old S/MIME certificates using the Legacy certificate profile. As of July 10, DigiCert now uses the Multipurpose profile to reissue the old S/MIME certificates. The Multipurpose profile is like the Legacy profile. However, the Multipurpose profile has two differences that may affect your reissue process.
Maximum 824-day certificate validity
The Legacy profile’s maximum validity is 1184 days, whereas the Multipurpose profiles is 824 days. If your primary certificate’s remaining validity is greater than 824 days, we truncate the validity on your reissue to 824 days without a refund.
Email address as the common name requires additional information
With the Legacy profile, no additional information is required if using the email address as the common name. If using the Multipurpose profile, you must add the recipient’s first name and surname or pseudonym if using the email address as the common.