DigiCert S/MIME certificate can be used to digitally sign and encrypt email messages. This guide covers the different methods you can use to generate your S/MIME certificate request, and then collect the certificate after issuance.
Certificate Generation
After purchasing your DigiCert S/MIME certificate, click the Generate button to get started.
- Select your country from the drop-down menu.
- If you have previously ordered certificates for your organization, you may select it from the list of organizations. If you have never ordered certificates for an organization, you will not see any organizations listed.
- Click Generate to create your order generation page link.
- When you are ready to start generation, visit the certificategeneration.com link.
Step 1 - Select Your Order Type
If you are purchasing a new certificate to replace an expiring certificate, select Renew as the Order Type.
If this is your first S/MIME certificate, select New.
Step 2 - Certificate to Request
There are two different methods to Generate and Collect your DigiCert S/MIME certificate. In this step, you will provide your name and email address for the certificate.
Whether or not you should upload a Certificate Signing Request (CSR) depends on which collection method you plan to use when the certificate has been issued.
Method Two - Generate in Browser
The browser method is generally the simplest way to generate and collect your DigiCert S/MIME certificate. You may fill out the order generation form in any browser to start the process. You do not need to submit a CSR for this method.
Once the certificate is issued, you will use any browser to collect the PKCS#12 file containing your certificate and the matching private key.
Method Two - Upload Custom CSR
If you have created your own CSR using a server or certificate utility, you may upload or copy/paste the CSR code into the Recipient CSR field.
You must make certain you have saved the matching private key file, as you will need it to convert the certificate to the PKCS#12 file format after issuance.
Using the custom CSR method, you may use any browser to collect the certificate once it is issued. Please note that using this method, the certificate provided will not include a private key, and you will need to take some extra steps to convert the certificate to the proper format before it can be installed.
Step 3 - Organization
The DigiCert S/MIME certificate is an Organization Validation (OV) type certificate. You must provide information about your organization to be verified by the CA prior to the certificate's issuance.
If you have previously ordered OV or EV certificates for your organization, you may select "Existing Organization" and then select your company from the drop-down menu.
If you have not completed Organization Validation with DigiCert before, you will need to submit your information as a "New Organization". Please make sure to submit the requested information exactly as your business is registered with your local government to make the validation process as simple as possible.
Step 4 - Contact Information
The organization contact listed here will be the main point of contact for Organization Validation purposes and may be required to complete a verification telephone call with DigiCert's validation team before the certificate can be issued. The business phone number will first be confirmed on an approved third-party business directory website such as Dun and Bradstreet or Yellow Pages.
Step 5 - Additional Certificate Options
Select the signature hash algorithm for the certificate. At this time, the standard option is SHA-256.
Step 6 - Certificate Services Agreement
Read and check the box to Agree to the Certificate Services Agreement.
After all sections of the form are completed, click Submit Certificate Request. You will receive your new order ID number.
Organization Validation
If you have previously completed Organization Validation with DigiCert, your S/MIME certificate request can be processed quickly.
If this is your first Organization Validation certificate, DigiCert will work mainly behind the scenes to verify that the organization is legally registered and active, and that you are authorized to request certificates for the organization. Read our Organization Validation Guide for more information about the requirements.
Check your email for correspondence from DigiCert regarding the validation and issuance of your S/MIME certificate.
Certificate Collection
The final step of the S/MIME process is to collect the certificate. As soon as validation is completed, you will receive an email from [email protected] containing further instructions for collecting your certificate, including a link to the collection website.
The method to collect depends on the method you used to generate the certificate in the first place.
Method One - Custom CSR
You may use any browser to collect the certificate.
On the download certificate page, you will have a few options for downloading the certificate.
- A P7B bundle of all the certs in a .p7b file
- Individual .crts (zipped)
Because the custom CSR method does not allow collecting the certificate with its required private key, you will need to take a few extra steps after downloading your S/MIME certificate to combine it with the key and convert it to the required PKCS#12 file format before you can install and utilize the certificate.
If you are ready to convert your certificate files, please read our guide to Convert DigiCert S/MIME to PKCS#12/PFX.
Method Two - Internet Explorer
- Open Internet Explorer.
- Navigate to the collection link provided in DigiCert's email using IE.
- Click Yes on the Web Access Confirmation pop-up to allow the collection process.
- Check the box "I agree to the terms of the subscriber agreement"
- Click the Generate Certificate button. The collection process may take a few minutes.
Once the certificate has been collected by the browser, the page will confirm the certificate is installed. Your next step is to export the certificate from Internet Explorer so you may install and utilize it.