Where to get a (free) S/SMIME e-mail certificate? 3 options

With a S/MIME certificate, you can both sign and encrypt your e-mails. Those e-mail certificates are often used by businesses in order to increase their e-mail privacy and trust. But an e-mail certificate for personal use can be very useful as well – and can come across very professional – and it can be free as well.

Free S/MIME certificates

In the past, a number of certificate vendors offered free S/MIME certificates to the public (to personal e-mail addresses, that is). Perhaps the best known example was Comodo, who furthermore also had a very simple user interface to create, manage and renew an e-mail certificate. It also had to be renewed only once a year, in contrast with other offerings from different companies where a monthly renewal was required.

Unfortunately, after searching some time for free SMIME e-mail signing and encryption, I couldn’t find any solution that has no cost attached to it. It seems like all providers stopped offering this service: they either completely stopped offering this, or they stopped offering the free version.

Paid S/MIME certificates

While free S/MIME client certificates appear to be no longer offered by any company, there are still quite some companies offering a paid solution for signing and/or encrypting e-mails.

Here is a non-exhaustive overview of e-mail client certificates:

  • SSL.com: Personal Basic Email and ClientAuth Certificate
  • Sectigo.com: Secure Email Solutions (S/MIME)
  • Globalsign.com: Secure Email – Digitally Sign & Encrypt Emails

Often, these certificates are not very costly, with even sometimes discounts when purchasing for multiple years.

Create your own S/MIME certificate

Given there are basically no providers of free S/MIME certificates today on the market, you may want to create your very own client certificate for your e-mails. This is completely free and you will learn more about encryption in creating your self-signed S/MIME certificate from scratch.

John Dalesandro has a great how-to blogpost for this. There are other guides available: ServerFault,  Henry Todd. All these guides will help you create your own S/MIME cert in no time.


Author Bio

Thank you for your interest in my blog! On this miniblog, I write mostly short (technical) blog posts that might interest other people. Read more about me or feel free to contact me.


27 thoughts on “Where to get a (free) S/SMIME e-mail certificate? 3 options

      1. Actalis will not use the browser to generate a private key, but instead will generate it themselves and send you the PFX. I cannot stress enough that this defeats the whole purpose of secure e-mail, as they have the private key!

          1. Wll, at least that is what they “claim”, you have no proof that they aren’t creating their own database of customer keys.

          2. Not true. They definitely retain the private key because they let you download your private key later.

        1. When you DON’T use some encryption, ANYONE can read the mail.

          Besides, I only use it to sign my mail, not encrypt it.
          This way people know I sent the mail and not some spoofer

          1. Not really. Most good implementations use JavaScript to create the private key on the browser side.

        2. FAKE NEWS Its a great company and simple cert for * F R E E * They send you a one time image (code) that opens on their website one time. After that it is forever gone.

      2. Thank you for this. As of April 26, 2022 the process to get a certificate (2048 bit, RSA, trusted by Windows default root cert authority list) was very easy and done in 10 minutes.

    1. I believe there are some valid use cases:

      1. How about, I will trust my own certificate myself?
      Sample use case: sending encrypted emails between work (where the organization has already an internal CA for S/MIME certificates set up) and my home mail addresses.

      2. Or being able to send some file via encrypted mail from your home address to your phone, or vice-versa, between 2 email addresses you both own, without worrying that your provider can read your mail in transit?

      3. Or exchanging encrypted emails with a friend with whom you are corresponding very frequently and who’s “stuck” on a client like Outlook which doesn’t support PGP?

      1. Other use cases:
        Using certificates for ESXI hosts that you control.

        I also use personal certificates to allow access to certain sections of my website. I create the Certs with my own CA and then give them to trusted family members and associates. For example, some of my ‘smart home’ services can be controlled by my webserver, but I don’t want just anybody to be able to turn on computers, lights, change temp settings, etc. The only people that can do that are folks that have personal certificates signed by MY personal CA.

      2. I think you are in a different planet, maybe UR-ANUS. I used the Actalis cert and it was accepted by my mortgage company, bank and title company. I think that suffices to say the Actalis certs are a good as gold. And FREE

    1. Unfortunately they recently changed their terms of service to certificates only valid for 3 months. Another way to stop free service

    2. I use WiseID, the procedere to get the free certificate is not as intuitive and easy as I would wish and unforatunately starting from april 2021 they give out only certificates that are valid for 3 months.

    1. Edge, Chrome, Brave, Firefox say invalid, not trusted. To have it show as trusted you have to import their root certs. So would anyone who wanted to trust you. That’s not going to happen. WISe worked like a champ, and so did Actialis

  1. The problem with Actalis is that they create the key and they save it. Just login afterwards and request the key and certificate again and they will give it to you. It doesn’t even matter if they delete. They still created it, so there is the possibility they have it somewhere OR somebody took it before it was deleted.

    I want to use the certificate to prove, that I am the only one capable of sending you this message or decrypting anything you send to me. No rational person who is dealing with security is going to accept somebody else having your key.

    If you just want a pretty red flag near your name just put a jpeg in your email signature…

Leave a Reply

Your email address will not be published. Required fields are marked *