S/MIME. Technology for secure emails.

The price range of S/MIME certificates is wide, starting from around €15 up to about €250 per certificate and year. Decisive pricing factors include the provider, class and validation, along with the selected validity period.  Some S/MIME certificates can be purchased with a validity period of up to 36 months. The price per year is often lower for validity periods longer than one year. 
On request, SSL resellers can obtain discounts for higher volumes. Please see AutoDNS for a detailed price overview of the individual S/MIME certificates.

The S/MIME certificate i.e. the link for download is always sent to the respective email address that is specified in AutoDNS when ordering. The link is valid for 30 days. The installation is configured directly in the respective email client. Instructions for this can be found on the support pages provided by the email client.

S/MIME has many advantages:

• S/MIME provides effective protection against phishing, spoofing and social engineering.
• S/MIME secures the email communication of individuals, organizations or companies. 
• S/MIME protects the transmission and content of emails that are transfering sensitive and personal data.
• Depending on the validation, the trust and security level is clearly visible for users and communication partners.
• The email sender can be clearly and unequivocally verified by adding a signature. 

If you would like more information about email security, please contact our Partner Success Team.

Certificate authorities, like DigiCert, GlobalSign or Sectigo, offer different S/MIME certificates. These differ according to the level of trust, the digitally proved right of ownership as well as the type of authentication used.

• Trust level 1 offers a high level of security, is intended for use in a personal environment and is authenticated per email.
• Trust level 2 requires a more stringent identity check. Validation includes checking that the email address exists, that the company has control over the domain and that the company is listed in the commercial registry. Class 2 certificates also include the company name and are therefore more trustworthy than Class 1 certificates.
• Trust level 3 offers the highest level of security and is intended for companies and corporations that must meet the highest IT security standards and compliance guidelines. Apart from authentication of the email address, the commercial registry listing is verified and the company is checked with a call using a number from the public directory.

The various classes provide different security levels according to the requirements. You can find an overview of our certificates here.  

Yes, an S/MIME certificate can be used on multiple computers and devices. In order to do this, the option to allow the export of the private key must be selected when first installing the certificate. This will allow the certificate to be imported by other devices. Instructions for this can be found on the support pages provided by the email client.

The signature and encryption of emails is carried out in the respective email clients. In order to activate encryption, a signed email must first be sent to the recipient, who in turn must reply with a signed email. After this, recipient and sender can send each other encrypted emails. This one-time exchange of keys must be carried out with all contacts in order to send encrypted email communication. The encryption and signing of emails is only possible is the recipient also has an S/MIME certificate.

Yes. The email header includes a symbol to indicate whether the email is encrypted (usually a lock) or signed (usually an envelope). By clicking on one of the symbols, further detailed information about the certificate and the certificate owner can be accessed.

Either the communication partners have not yet exchanged keys or one has not implemented an S/MIME certificate. Another reason could be that the contact has an old or incorrect key. In this case, you should delete the contact and the saved contact from the email client and add it again. If the problem persists, our Partner Success Team or Support will be happy to assist you.

When the content of an email is encrypted and signed with S/MIME but is incorrectly coded, an smime.p7s file is created. If the email is not automatically displayed as plain text, the settings in the mail program or a certificate i.e. key is required to decrypt the email.

S/MIME and PGP are based on public-key encryption. Both can be used to signed emails. Both can be used for end-to-end encryption of emails. However, with PGP, the public keys must be mutually signed and exchanged. With S/MIME technology, an infrastructure for certificates and publication is required that is often used in B2B (business-to-business) and B2C (business-to-customer) situations. A user controls the cryptographic key in S/MIME and can choose whether to use it or not for each individual message. Email programs, like Outlook, look for the location of a trustworthy CA (certificate authority) in order to carry out a digital signature and to verify this signature. While PGP, users mutually sign each others' public keys, this is carried out by a central certification authority with S/MIME. These authorities do not sign the public keys, but the certificates, as a certificate always includes the public key with the respective identity.

Please note that S/MIME and PGP are not compatible with each other. Recipients and senders using different technologies cannot exchange signed or encrypted emails. As S/MIME is highly compatible with leading email clients and the exchange of keys is somewhat easier than with PGP, the S/MIME technnology has established itself as the stronger industry standard. PGP, which is free of charge, is often used by tech-savvy people in a private environment, while companies and organizations are more likely to opt for S/MIME.

Data protection and security is increasingly gaining an important role in the EU as well as in other countries. In many economic sectors, sensitive and personal data must be processed on a daily basis and those who are subject to professional secrecy, like lawyers, doctors and psychologists, are often obligated to keep their communication confidential and secure. Since the introduction of the GDPR in Europe, using TLS/SSL encryption for websites has become mandatory. TLS stands for transport layer security and means that the transmission channel between two respective SMTP servers is encrypted. The actual emails are not encrpyted. An explicit legal requirement for using public-key encryption has not (yet) been imposed. However, many corporate groups and large companies include it in their compliance guidelines in order to meet data protection requirements when dealing with customer data and implement S/MIME as a standard for email security. Read our e-paper "Emails in business" to find out more about sending email communication in conformance with the GDPR. 

Yes. Documents can also be signed with DigiCert S/MIME Premium.

There are also specific solutions for this – so-called document signing certificates. With Digital Signature Plus by DigiCert, for example, individuals, teams and organizations can add a digital signature to documents in a number of formats, allowing ownership to be clearly checked and verified. The digital signature is an encrypted has that can only be decrypted by someone who has a copy of the public key. This guarantees that the document has not been manipulated and that attached sensitive data is protected. Documents can also be signed in this way.