727.388.4240

Google Plus

Blog
  1. Home
  2. Email Signing Support
  3. DigiCert S/MIME Certificates
  4. DigiCert S/MIME Generation and Collection Guide
Searching...

DigiCert S/MIME Generation and Collection Guide

DigiCert S/MIME certificate can be used to digitally sign and encrypt email messages. This guide covers the different methods you can use to generate your S/MIME certificate request, and then collect the certificate after issuance.

Certificate Generation

After purchasing your DigiCert S/MIME certificate, click the Generate button to create your Certificate Enrollment Link.

Create a Certificate Enrollment Link

Use this form to create and email a link to the certificate enrollment form for your order. 

  1. Fill out the contact information for the person who will fill out the certificate enrollment form. This information is not used on the certificate.
  2. If you have previously ordered Organization Validation (OV) S/MIME for your organization, check the box on the list of organizations.
  3. If you are ordering S/MIME for a new organization, or it is a Class 1 (mailbox validated) certificate, do not check any organizations.
  4. Click Create Invite and Send. We’ll email the CertificateGeneration Invite link, and you can access it on the next page too.

CertificateGeneration Enrollment Form 

Organization Validation (OV) S/MIME

Class 1 “DV” Mailbox Validated S/MIME does not require organization information. Skip to the next section to continue.

If you are enrolling an OV S/MIME, you must first provide your organization information.

You can select an Existing Organization profile if you checked it during the Create Enrollment Link step. Otherwise, enter your organization details as a New Organization.

The Organization Contact will automatically populate for an Existing Organization. For New Organizations, enter the information for your organization’s point of contact for the S/MIME order.

Click Next to move on to the next page. 

Step 1 – Certificate to Request

There are two different methods to Generate and Collect your DigiCert S/MIME certificate. 

The Generate in Browser method is straightforward:

  1. Enter Recipient Name or Common Name and Email Address for the certificate user. Both fields may be the user’s email address.
  2. Do not include a Certificate Signing Request (CSR).
  3. Complete the order and check your email for approval and validation instructions.
  4. Once the certificate is issued, use any browser to collect the PKCS#12 file containing your certificate and the matching private key.

Advanced Method – Upload Custom CSR

The Custom CSR method allows you to create your own public and private keys, but it also requires manual file format conversion. 

  1. Create your CSR on your web server or using a certificate utility. Make sure the private key is saved.
  2. Enter Recipient Name or Common Name and Email Address for the certificate user. This information should match your CSR.
  3. Upload or copy/paste your custom CSR into the Recipient CSR field.
  4. Complete the order and check your email for approval and validation instructions.
  5. After collecting your certificate from DigiCert, you must manually convert the file to P12 format using a certificate utility, OpenSSL, or an online tool. 

Step 2 – Certificate Services Agreement

Read and check the box to Agree to the Certificate Services Agreement.

After all sections of the form are completed, click Submit Certificate Request. You will receive your new order ID number.

After Generation

Organization Validation

If you have previously completed Organization Validation with DigiCert, your S/MIME certificate request can be processed quickly. 

If this is your first Organization Validation certificate, DigiCert will work mainly behind the scenes to verify that the organization is legally registered and active, and that you are authorized to request certificates for the organization. 

Check your email for correspondence from DigiCert regarding the validation and issuance of your S/MIME certificate.

Certificate Collection

The final step of the S/MIME process is to collect the certificate. 

The method to collect depends on the original generation method.

Method One – Generate In Browser

You will receive a “collection link” via email from DigiCert. On the “Generate certificate” page, follow these steps:

  1. Create a new password for the certificate. (Note: You will need this password to install the certificate on your device.)
  2. Check the Master Services Agreement box.
  3. Click “Generate Certificate”.
  4. Save your certificate in P12 format when prompted.
  5. Install this P12 certificate file on your device using the appropriate method:
    1. Windows: right-click P12 file and select “Install PFX” to start Certificate Import Wizard.
    2. MacOS: import P12 file to Keychain Access.

Method Two – Custom CSR

You may not receive a notification that your certificate is ready to collect. You can instead download your certificate files from your SSLStore order dashboard.

You must manually convert your certificate to the P12 format before you can install it. You must have your certificate’s private key file to complete this conversion.

For a simple conversion, we recommend using the SSLShopper Certificate Converter Tool. Check out the guide here: Convert Email Certificate to PKCS#12/PFX.

 

Updated on

Was this article helpful?

Yes No

Related Articles