Where to get a (free) S/SMIME e-mail certificate? 3 options

With a S/MIME certificate, you can both sign and encrypt your e-mails. Those e-mail certificates are often used by businesses in order to increase their e-mail privacy and trust. But an e-mail certificate for personal use can be very useful as well – and can come across very professional – and it can be free as well.

Free S/MIME certificates

In the past, a number of certificate vendors offered free S/MIME certificates to the public (to personal e-mail addresses, that is). Perhaps the best known example was Comodo, who furthermore also had a very simple user interface to create, manage and renew an e-mail certificate. It also had to be renewed only once a year, in contrast with other offerings from different companies where a monthly renewal was required.

Unfortunately, after searching some time for free SMIME e-mail signing and encryption, I couldn’t find any solution that has no cost attached to it. It seems like all providers stopped offering this service: they either completely stopped offering this, or they stopped offering the free version.

Paid S/MIME certificates

While free S/MIME client certificates appear to be no longer offered by any company, there are still quite some companies offering a paid solution for signing and/or encrypting e-mails.

Here is a non-exhaustive overview of e-mail client certificates:

  • SSL.com: Personal Basic Email and ClientAuth Certificate
  • Sectigo.com: Secure Email Solutions (S/MIME)
  • Globalsign.com: Secure Email – Digitally Sign & Encrypt Emails

Often, these certificates are not very costly, with even sometimes discounts when purchasing for multiple years.

Create your own S/MIME certificate

Given there are basically no providers of free S/MIME certificates today on the market, you may want to create your very own client certificate for your e-mails. This is completely free and you will learn more about encryption in creating your self-signed S/MIME certificate from scratch.

John Dalesandro has a great how-to blogpost for this. There are other guides available: ServerFault,  Henry Todd. All these guides will help you create your own S/MIME cert in no time.

 

Author Bio

Thank you for your interest in my blog! On this miniblog, I write mostly short (technical) blog posts that might interest other people. Read more about me or feel free to contact me.

 

15 thoughts on “Where to get a (free) S/SMIME e-mail certificate? 3 options

      1. Actalis will not use the browser to generate a private key, but instead will generate it themselves and send you the PFX. I cannot stress enough that this defeats the whole purpose of secure e-mail, as they have the private key!

          1. Wll, at least that is what they “claim”, you have no proof that they aren’t creating their own database of customer keys.

        1. When you DON’T use some encryption, ANYONE can read the mail.

          Besides, I only use it to sign my mail, not encrypt it.
          This way people know I sent the mail and not some spoofer

    1. I believe there are some valid use cases:

      1. How about, I will trust my own certificate myself?
      Sample use case: sending encrypted emails between work (where the organization has already an internal CA for S/MIME certificates set up) and my home mail addresses.

      2. Or being able to send some file via encrypted mail from your home address to your phone, or vice-versa, between 2 email addresses you both own, without worrying that your provider can read your mail in transit?

      3. Or exchanging encrypted emails with a friend with whom you are corresponding very frequently and who’s “stuck” on a client like Outlook which doesn’t support PGP?

      1. Other use cases:
        Using certificates for ESXI hosts that you control.

        I also use personal certificates to allow access to certain sections of my website. I create the Certs with my own CA and then give them to trusted family members and associates. For example, some of my ‘smart home’ services can be controlled by my webserver, but I don’t want just anybody to be able to turn on computers, lights, change temp settings, etc. The only people that can do that are folks that have personal certificates signed by MY personal CA.

    1. Unfortunately they recently changed their terms of service to certificates only valid for 3 months. Another way to stop free service

    2. I use WiseID, the procedere to get the free certificate is not as intuitive and easy as I would wish and unforatunately starting from april 2021 they give out only certificates that are valid for 3 months.

Leave a Reply

Your email address will not be published. Required fields are marked *