DigiCert S/MIME certificate can be used to digitally sign and encrypt email messages. This guide covers the different methods you can use to generate your S/MIME certificate request, and then collect the certificate after issuance.
Certificate Generation
After purchasing your DigiCert S/MIME certificate, click the Generate button to get started.
First, you will create your Certificate Enrollment Link. Fill out the requested information to send an invite to the person who will generate the certificate. You can also access the link from the next page to complete the order yourself.
If you have previously ordered S/MIME for your organization, check the box on the organization list to add it to your enrollment form. Otherwise, do not check any organizations and you will create a new one during enrollment.
Once you have your CertificateGeneration enrollment link, you're ready to order your S/MIME certificate.
Organization Information
If you checked an Existing Organization during the Create Enrollment Link step, select the organization from the drop-down. Otherwise, enter the information for your New Organization.
The Organization Contact information will populate based on the Existing Organization profile. If you are applying as a New Organization, fill out the info for your organization's point of contact for the S/MIME certificate. This contact does not have to be the certificate user (you'll provide the user info on the next page).
Click Next to move on to the next page.
Step 1 - Certificate to Request
There are two different methods to Generate and Collect your DigiCert S/MIME certificate.
Recommended Method - Generate in Browser
The browser method is generally the simplest way to generate and collect your DigiCert S/MIME certificate. You may fill out the order generation form in any browser to start the process. You do not need to submit a CSR for this method.
Once the certificate is issued, you will use any browser to collect the PKCS#12 file containing your certificate and the matching private key.
Advanced Method - Upload Custom CSR
If you have created your own CSR using a server or certificate utility, you may upload or copy/paste the CSR code into the Recipient CSR field.
You must make certain you have saved the matching private key file, as you will need it to convert the certificate to the PKCS#12 file format after issuance.
Using the custom CSR method, you may use any browser to collect the certificate once it is issued. Please note that using this method, the certificate provided will not include a private key, and you will need to take some extra steps to convert the certificate to the proper format before it can be installed.
Step 2 - Certificate Services Agreement
Read and check the box to Agree to the Certificate Services Agreement.
After all sections of the form are completed, click Submit Certificate Request. You will receive your new order ID number.
Organization Validation
If you have previously completed Organization Validation with DigiCert, your S/MIME certificate request can be processed quickly.
If this is your first Organization Validation certificate, DigiCert will work mainly behind the scenes to verify that the organization is legally registered and active, and that you are authorized to request certificates for the organization.
Check your email for correspondence from DigiCert regarding the validation and issuance of your S/MIME certificate.
Certificate Collection
The final step of the S/MIME process is to collect the certificate. As soon as validation is completed, you will receive an email from [email protected] containing further instructions for collecting your certificate, including a link to the collection website.
The method to collect depends on the method you used to generate the certificate in the first place.
Method One - Generate In Browser
On DigiCert's "Generate your certificate" page, the only step is to create a new password for the certificate. You will need to use this password to install the certificate on your device.
After entering the new password, check the Master Services Agreement box. Then click Generate Certificate.
You will be prompted to save your certificate in P12 format.
You can install this P12 certificate file on your device using the Windows Certificate Import Wizard, or using Keychain Access on MacOS.
Method Two - Custom CSR
You will not receive a collection email from DigiCert. Instead you must download your certificate files from your order dashboard on this storefront.
The downloaded certificate must be combined with the private key to convert to P12 format before installation.
If you are ready to convert your certificate files, please read our guide to Convert DigiCert S/MIME to PKCS#12/PFX.