Secure Email products
DigiCert offers three types of Secure Email Certificates to sign and encrypt your emails. Signing confirms your emails as coming from you, while encryption protects sensitive email data. Our Secure Email Certificates are compatible with most email clients, such as Outlook, Gmail, and Yahoo.
Important
End of life for the Legacy certificate profile
On July 1, 2025, DigiCert will no longer accept Secure Email certificate requests using the Legacy certificate profile. All new certificate requests must use the Strict or Multipurpose certificate profile. This change affects new, renewed, and reissued certificate requests.
To learn more about this change:
Secure Email for Individual
With Secure Email for Individual certificates, secure emails from public email service providers such as Gmail, Outlook, Yahoo, Hotmail, and MSN and on your email domains.
The industry refers to this S/MIME certificate as a mailbox-validated email certificate because Certificate Authorities (CAs) validate the email addresses included on the certificate.
Secure Email for Organization
With Secure Email for Organization certificates, secure emails for your organization on your email domains. Like TLS certificates, you must demonstrate control over your email domains.
The industry refers to this S/MIME certificate as an organization-validated email certificate because CAs validate the organization. These certificates are ideal for securing emails from shared or other email addresses not assigned to a specific individual.
Secure Email for Business
With Secure Email for Business certificates, secure emails for individuals in your organization on your email domains. Like TLS certificates, you must demonstrate control over your email domains.
The industry refers to this S/MIME certificate as a sponsor-validated email certificate because the organization attests that the individual is a valid employee or company representative. CAs validate the organization the individual represents or is employed by, not the individual.
Old S/MIME products
On July 1, 2025, DigiCert will deprecate our old S/MIME products in CertCentral: Premium, Email Security Plus, Digital Signature Plus, and Class 1 S/MIME. DigiCert will replace these products with our new Secure Email Certificates.
To learn more about the deprecation of DigiCert’s old S/MIME products, see the CertCentral: Updates to the S/MIME certificate process section in our knowledge base article.
Old S/MIME certificate* | Replacement certificate |
|---|---|
Class 1 S/MIME | Secure Email for Individual |
| Secure Email for Business |
*If using the CertCentral Services API, you can still order Premium, Email Security Plus, Digital Signature Plus, and Class 1 S/MIME certificates until we deprecate them in early 2026. See the CertCentral Services API: Updates to S/MIME Endpoint Integrations section in our knowledge base article. | |
How will the renewal process work?
When you renew an old S/MIME certificate, we will redirect you to its replacement certificate:
Class 1 S/MIME certificate renewals will redirect to our new Secure Email for Individual certificate.
Premium, Email Security Plus, and Digital Signature Plus certificate renewals will redirect to our new Secure Email for Business certificate.
How will the reissue process work?
You can still reissue your Premium, Email Security Plus, and Digital Signature Plus certificates if needed. However, the reissue process may work differently because of the industry changes happening on July 1, 2025, especially if you use an email address as the common name in your certificate.
Multipurpose certificate profile changes to old S/MIME certificate reissues
Currently, DigiCert issues our old S/MIME certificates using the Legacy certificate profile. However, starting July 1, DigiCert will use the Multipurpose profile to reissue old S/MIME certificates. The multipurpose profile is like the Legacy profile. However, the multipurpose profile has two differences that may affect your reissue process.
Maximum 824-day certificate validity
The Legacy profile’s maximum validity is 1184 days, whereas the Multipurpose profile’s is 824 days. If your primary certificate’s remaining validity is greater than the 824 days allowed by the Multipurpose profile, we will truncate the validity on your reissue to 824 days without a refund.
Email address as the common name requires additional information
With the Legacy profile, no additional information is required when using the email address as the common name. When using the Multipurpose profile, you must add the recipient’s first and last name or pseudonym when using the email address as the common.