{"id":17264,"date":"2023-09-08T09:20:22","date_gmt":"2023-09-08T13:20:22","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=17264"},"modified":"2023-09-28T16:42:46","modified_gmt":"2023-09-28T20:42:46","slug":"want-to-do-more-than-secure-emails-you-can-with-our-new-s-mime-certificates","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/want-to-do-more-than-secure-emails-you-can-with-our-new-s-mime-certificates\/","title":{"rendered":"Want to Do More Than Secure Emails? You Can With Our New S\/MIME Certificates"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\" id=\"h-new-security-requirements-for-publicly-trusted-email-security-certificates-are-now-in-effect-here-s-an-overview-of-thesslstore-com-s-new-s-mime-products-that-are-compliant-with-the-industry-s-latest-requirements\">New security requirements for publicly trusted email security certificates are now in effect. Here\u2019s an overview of TheSSLstore.com\u2019s new S\/MIME products that are compliant with the industry\u2019s latest requirements.<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Starting Sept. 1, 2023, industry changes officially rolled out regarding how publicly trusted email security certificates would be issued and managed. The goal? To improve email security and authenticity while not breaking existing deployments.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Historically, the industry lacked standardized requirements regarding certificate subject validation. The <a href=\"https:\/\/cabforum.org\/2023\/01\/01\/smc-001-adopt-s-mime-baseline-requirements-v1-0-0\/\">new S\/MIME standards<\/a>, released on Jan. 1 and <a href=\"https:\/\/www.thesslstore.com\/blog\/new-s-mime-standards-go-into-effect-in-september-2023\/\">covered previously in another article<\/a>, aim to set specific parameters that certificate issuers must adhere to regarding the issuance of publicly trusted email security certificates. The CA\/B Forum, the industry\u2019s standards body, has since released an <a href=\"https:\/\/cabforum.org\/wp-content\/uploads\/CA-Browser-Forum-SMIMEBR-1.0.1.pdf\">updated version of its S\/MIME Baseline Requirements (version 1.0.1).<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Now, here we are nine months later after these new requirements have kicked into effect. So, what do these changes look like in terms of our new S\/MIME certificate product offerings and their validation requirements?<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Let\u2019s hash it out.<span id=\"newline\"><\/span><\/p>\n\n\n\n<div class=\"wp-block-advanced-gutenberg-blocks-notice is-variation-info has-icon\" data-type=\"info\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"24\" height=\"24\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><circle cx=\"12\" cy=\"12\" r=\"10\"><\/circle><line x1=\"12\" y1=\"16\" x2=\"12\" y2=\"12\"><\/line><line x1=\"12\" y1=\"8\" x2=\"12\" y2=\"8\"><\/line><\/svg><p class=\"wp-block-advanced-gutenberg-blocks-notice__title\">Important: Changes Impact Certificates Issued After Aug. 29, 2023<\/p><p class=\"wp-block-advanced-gutenberg-blocks-notice__content\">It\u2019s important to note that these changes don\u2019t affect S\/MIME certificates issued before Aug. 29, 2023. Any certificates issued after that date are subject to the new industry requirements.<\/p><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-tl-dr-an-overview-of-the-new-s-mime-products\">TL;DR: An Overview of the New S\/MIME Products<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The new email security certificates are a mix when it comes to their validations and capabilities. Some allow you to digitally sign and protect the confidentiality of your messages (using encryption and decryption) while others provide additional functionalities.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"357\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/05\/Encryption-and-Email-1.png\" alt=\"A basicl illustration that demonstrates how email encryption and decryption work using an S\/MIME certificate.\" class=\"wp-image-10602\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/05\/Encryption-and-Email-1.png 975w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/05\/Encryption-and-Email-1-300x110.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/05\/Encryption-and-Email-1-768x281.png 768w\" sizes=\"auto, (max-width: 975px) 100vw, 975px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: A basic illustration that shows how email encryption and decryption work by having the sender use the recipient\u2019s public key to encrypt the message, and the recipient uses their private key to decrypt it.<\/em><\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Different <a href=\"https:\/\/www.thesslstore.com\/blog\/what-is-a-certificate-authority-ca-and-what-do-they-do\/\">certificate authorities (CAs)<\/a> are approaching the rollout of the new standards in different ways. For example:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Sectigo offers three types of S\/MIME certificates (called Personal Authentication Certificates),<\/li>\n\n\n\n<li>DigiCert offers two types of S\/MIME certificates.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Here\u2019s a quick overview of the three types of S\/MIME certificates we offer \u2014 <strong>all of which are valid for a maximum of two years (825 days)<\/strong>:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>&nbsp;<\/td><td><strong>Strict Mailbox-Validated S\/MIME Certificate<\/strong><\/td><td><strong>Multipurpose Mailbox-Validated S\/MIME Certificate<\/strong><\/td><td><strong>Multipurpose Organization-Validated S\/MIME Certificate<\/strong><\/td><\/tr><tr><td>What It Does<\/td><td>Digitally signs and secures emails (encrypt and decrypt) for an individual employee\u2019s account.<\/td><td>Gives individual employees the ability to do more than \u201cjust\u201d digitally sign, encrypt, and decrypt emails. (Also provides document signing and client authentication capabilities.) &nbsp;<\/td><td>Displays your company name and does more than \u201cjust\u201d sign, encrypt, and decrypt emails. (Also provides document signing and client authentication capabilities.) &nbsp;<\/td><\/tr><tr><td>Validation Type<\/td><td>Email Verification<\/td><td>Email Verification<\/td><td>Email + Organization Verification<\/td><\/tr><tr><td>Issued To\/Displays<\/td><td>Email Address (name@company.com)<\/td><td>Email Address (name@company.com)<\/td><td>Email Address &amp; Organization (name@company.com and Company Name)<\/td><\/tr><tr><td>Works for Shared Email Providers (@gmail.com, yahoo.com, etc.)?<\/td><td>Yes<\/td><td>Yes<\/td><td>No<\/td><\/tr><tr><td>S\/MIME Certificate Providers We Partner With<\/td><td>Sectigo <br>DigiCert<\/td><td>Sectigo &nbsp;<\/td><td>Sectigo <br>DigiCert<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link has-central-palette-2-background-color has-text-color has-background wp-element-button\" href=\"https:\/\/www.thesslstore.com\/products\/email-document-signing-certificates.aspx\" style=\"border-radius:3px;color:#ffffff\">Shop S\/MIME Certificates<\/a><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Strict, multipurpose, mailbox validated, organization validated \u2014 what do these terms mean? In a nutshell, our three types of certificate offerings fall within two overarching categories. Let\u2019s break it all down.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-mailbox-validated-s-mime-certificates\">Mailbox-Validated S\/MIME Certificates<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Mailbox validation refers to the use of an individual\u2019s email address (e.g., example@randomemaildomain.com) for validating that the certificate Subject is in control of that mailbox. This type of S\/MIME certificate can be used for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Individuals who aren\u2019t associated with a company, or<\/li>\n\n\n\n<li>Individuals who work for an organization.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">But this approach isn\u2019t one size fits all; there are two categories of certificates that fall within this classification, which vary based on the certificates\u2019 functionalities:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-option-1-a-strict-mailbox-validated-s-mime-certificate\">Option #1: A Strict Mailbox Validated S\/MIME Certificate<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">The Strict Mailbox Validated S\/MIME Certificate is the most basic type of email validation and is used to secure an individual mailbox. To complete validation for this type of certificate, the certificate issuer must verify that the email address is controlled by the certificate Subject (i.e., the person it\u2019s issued to).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It\u2019s useful for digitally signing, encrypting, and decrypting messages. (NOTE: To exchange encrypted messages, both the sender and receiver must use S\/MIME certificates.) Currently, we offer two types of strict mailbox-validated email security certificates:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>DigiCert\u2019s <a href=\"https:\/\/www.thesslstore.com\/digicert\/smime-certificate.aspx\">Class 1 S\/MIME certificate<\/a><\/li>\n\n\n\n<li>Sectigo\u2019s <a href=\"https:\/\/www.thesslstore.com\/comodo\/personal-authentication-certificate.aspx\">Basic S\/MIME certificate<\/a><\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link has-central-palette-2-background-color has-text-color has-background wp-element-button\" href=\"https:\/\/www.thesslstore.com\/products\/email-document-signing-certificates.aspx\" style=\"border-radius:3px;color:#ffffff\">Shop S\/MIME Certificates<\/a><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Here\u2019s an example of what it looks like when I digitally signed an email using DigiCert\u2019s Class 1 S\/MIME Certificate:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"672\" height=\"767\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/09\/digicert-class1-smime-example2-shadow.png\" alt=\"An example of an S\/MIME email security certificate that's compliant with the CA\/B Forum's new S\/MIME Certificate Baseline Requirements.\" class=\"wp-image-17267\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/09\/digicert-class1-smime-example2-shadow.png 672w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/09\/digicert-class1-smime-example2-shadow-263x300.png 263w\" sizes=\"auto, (max-width: 672px) 100vw, 672px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: An example screenshot I captured using a new DigiCert Class 1 S\/MIME Certificate. <\/em><\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-option-2-a-multipurpose-mailbox-validated-s-mime-certificate\">Option #2: A Multipurpose Mailbox-Validated S\/MIME Certificate<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">As the name implies, multipurpose S\/MIME certificates aren\u2019t just good for email signing and encryption\/decryption. They\u2019ve \u201cleveled up\u201d and provide greater flexibility, being capable of performing additional functionalities:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Email encryption and decryption,<\/li>\n\n\n\n<li>Email digital signing,<\/li>\n\n\n\n<li>Document signing*, and<\/li>\n\n\n\n<li>Client authentication.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong><em>NOTE: To digitally sign Adobe PDFs, you\u2019ll need a separate document signing certificate*<\/em><\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">At this time, we offer Sectigo\u2019s <a href=\"https:\/\/www.thesslstore.com\/comodo\/personal-authentication-certificate.aspx\">Pro S\/MIME certificate<\/a>.<\/p>\n\n\n\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link has-central-palette-2-background-color has-text-color has-background wp-element-button\" href=\"https:\/\/www.thesslstore.com\/comodo\/personal-authentication-certificate.aspx\" style=\"border-radius:3px;color:#ffffff\">Buy This S\/MIME Certificate<\/a><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-organization-validated-s-mime-certificates\">Organization-Validated S\/MIME Certificates<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The use of this type of S\/MIME certificate extends beyond the uses of any individual mailbox. Rather, its intended uses are broader in terms of representing your company or organization.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Tired of sending unsigned emails from your company? Are your customers unsure about whether your messages are legitimate or phish? Install an organization-validated S\/MIME certificate and remove any doubt. Digitally signing your messages in your organization\u2019s name allows recipients to check the veracity of your messages to know whether your organization really sent them.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-option-3-a-multipurpose-organization-validated-s-mime-certificate\">Option #3: A Multipurpose Organization-Validated S\/MIME Certificate<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">This type of certificate offers the best of both worlds \u2014 organization validation + the multipurpose functionalities that extend beyond digital signing and encryption\/decryption. It\u2019s a tool for large organizations or enterprises that want to send emails from a validated company name and email address.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"500\" height=\"630\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/09\/organization-validated-smime-digicert-example-v2shadow.png\" alt=\"A screenshot example of the information displayed for a DigiCert Orgaization-Validated S\/MIME Certificate.\" class=\"wp-image-17268\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/09\/organization-validated-smime-digicert-example-v2shadow.png 500w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/09\/organization-validated-smime-digicert-example-v2shadow-238x300.png 238w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/09\/organization-validated-smime-digicert-example-v2shadow-75x94.png 75w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: An example of a DigiCert Organization-Validated S\/MIME certificate. Image provided by Wade Hill and Flavio Martins at DigiCert.<\/em><\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Here\u2019s another example of how this information displays when you\u2019re using an individual employee\u2019s email address for an organization-validated certificate:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"664\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/09\/organization-validated-smime-digicert-altCOMBO-example-shadow-1024x664.jpg\" alt=\"A side-by-side set of screenshots that display info regarding a DigiCert Orgaization-Validated S\/MIME Certificate.\" class=\"wp-image-17269\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/09\/organization-validated-smime-digicert-altCOMBO-example-shadow-1024x664.jpg 1024w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/09\/organization-validated-smime-digicert-altCOMBO-example-shadow-300x194.jpg 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/09\/organization-validated-smime-digicert-altCOMBO-example-shadow-768x498.jpg 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/09\/organization-validated-smime-digicert-altCOMBO-example-shadow.jpg 1086w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: A look at the certificate information that displays when users digitally sign an email using a DigiCert organization-validated S\/MIME certificate. Image provided by Mandy Barotti at DigiCert.<\/em><\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Much like the mailbox-validated multipurpose certificates we mentioned earlier, these organization-validated multipurpose S\/MIME certificates enable you to digitally sign documents* and perform client authentication in addition to their traditional email signing and encryption\/decryption capabilities.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong><em>NOTE: To sign PDFs using Adobe Acrobat, you\u2019ll need a separate document signing certificate*<\/em><\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">We offer two options for Multipurpose Organization-Validated S\/MIME Certificates:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>DigiCert\u2019s a premium <a href=\"https:\/\/www.thesslstore.com\/digicert\/email-certificate.aspx\">S\/MIME certificate<\/a><\/li>\n\n\n\n<li>Sectigo\u2019s <a href=\"https:\/\/www.thesslstore.com\/comodo\/personal-authentication-certificate.aspx\">Enterprise S\/MIME certificate<\/a><\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link has-central-palette-2-background-color has-text-color has-background wp-element-button\" href=\"https:\/\/www.thesslstore.com\/products\/email-document-signing-certificates.aspx\" style=\"border-radius:3px;color:#ffffff\">Buy an S\/MIME Certificate<\/a><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">Want to learn more about our certificate offerings, or need help placing an order? <a href=\"https:\/\/www.thesslstore.com\/support\/\">Contact our support team<\/a> to get help right away.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>New security requirements for publicly trusted email security certificates are now in effect. Here\u2019s an overview of TheSSLstore.com\u2019s new S\/MIME products that are compliant with the industry\u2019s latest requirements. Starting&#8230;<\/p>\n","protected":false},"author":17,"featured_media":17271,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[17,10200],"tags":[9992,13220,13254],"class_list":["post-17264","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-industry-lowdown","category-monthly-digest","tag-s-mime","tag-s-mime-baseline-requirements","tag-s-mime-certificates","post-with-tags"],"views":6199,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/09\/new-smime-certificates-feature.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/17264","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=17264"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/17264\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/17271"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=17264"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=17264"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=17264"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}