Yes, they are compatible with all the main email clients, including Outlook, Thunderbird and Apple Mail.
Without the private key, you cannot decrypt the encrypted emails you receive. Make sure to keep a backup copy of the private key in a safe place.
- Import the certificate into the certificate manager of your device's operating system;
- open your email client (e.g., Outlook, Thunderbird);
- go to the section that displays the email client settings;
- associate the certificate with your email account;
- enable signing and encryption for emails.
No, each S/MIME certificate is tied to a single email address. If you have multiple addresses, purchase an S/MIME certificate for each email address.
To check that the email is signed, open the email client, view the email, and look for the signature icon. It usually appears as a seal or a tick mark. To see if it is encrypted, check for the presence of a lock icon.
If a recipient is unable to verify the signature of your email:
- check that your S/MIME certificate is still valid and has not been revoked;
- ensure that the recipient has installed the root and intermediate certificates from your Certification Authority;
- verify that the certificate is correctly associated with the email account.
You can only send encrypted emails to recipients who have a valid S/MIME certificate.
The email address associated with S/MIME must consist solely of ASCII characters to ensure compatibility with the most common systems and email clients.
ASCII characters include Latin letters (A-Z, a-z), numbers (0-9), and common symbols such as @, periods (.), hyphens (-), and underscores (_). Non-ASCII special characters like accented letters (e.g., á, ü) or symbols from other languages are not allowed.
It is not possible to issue S/MIME certificates for email addresses written in Chinese in the part before the at symbol, for example, 马克@domain.com. If your email contains non-ASCII characters, use another address that complies with the ASCII requirement.
After 24 hours, a verification link is no longer valid, and we will send you another one. We do this for 8 times.
If after 8 days the MCV is not completed, the request is automatically cancelled.
To avoid your request being rejected, always check the associated email to verify the receipt of the MCV link.
S/MIME certificates can be ordered and renewed for a maximum of 12 months.
You could use an S/MIME certificate for multiple users, such as a team of 10 people, but it is not recommended. As you know, the S/MIME certificate issues a private key to decrypt and sign emails. When you share the certificate, you also share the private key, compromising its security.
If your team uses a shared mailbox, you can request an S/MIME OV for that shared mailbox. The best solution for managing a team is to purchase an S/MIME certificate for each user, meaning for each email.
Yes, the S/MIME certificate is accepted by DiPA and DiGA because it includes the necessary Extended Key Usage (EKU) for client authentication.
Actalis generates the private keys for their free S/MIME certificates and provides them to subscribers in a PKCS#12 file. According to their Certificate Policy, Actalis does not retain the subscriber's private key after sending it to the subscriber.
in your browser, disable the blocker, then refresh the page. You can also check your connection and refresh the page.