Certificates for S/MIME
secure electronic mail

Make your email secure by
sending signed and/or encrypted messages

The S/MIME protocol, supported by all major electronic mail applications, allows you to send signed and/or encrypted messages, thus protecting your electronic mail in two important respects:

  • confidentiality - the message sent cannot be intercepted by unauthorized people, as it can be deciphered and therefore read only by the intended recipients;
  • authenticity and integrity - the recipient can verify that the sender is really the one that appears and that the message has not been altered after being sent.

Actalis offers S/MIME certificates trusted on all major platforms and supported by e-mail applications conformant to the S/MIME standard. Thanks to Actalis S/MIME certificates you can make your email really secure, regardless of the features of the email service you use. Actalis provides different S/MIME certificate services according to different applicable policies. See below the essential information about the services available to date.

Available policies

  • Free S/MIME Certificates. Only contain the owner's email address. One (1) year of validity. "Best effort" customer support.
  • Corporate S/MIME Certificates. May contain further identification data, such as the owner's name and surname, organization name, organizational unit name, country, etc. Up to three (3) years of validity. On request, these certificates can be signed with the RSASSA-PSS algorithm as required in particular contexts (e.g. [email protected]). Enterprise customer support available on request. 

Issuance procedure

S/MIME certificates are issued via an on-line procedure (see "Certificate request web forms" below).

You can request your Free S/MIME certificate any time, without any prior steps being necessary by other parties.

For Corporate S/MIME Certificates, a few preliminary steps involving the Customer (the organization that end users belong to) are required:

  1. Customer must send to Actalis, in a secure way (*), a list of personal data of all the end users that should be issued a certificate;
  2. Actalis delivery team will then process the above list, obtaining a unique "voucher" code which is reported to Customer;
  3. Customer must then share the "voucher" code with all its end users (only to those entitled to receive a certficate);
  4. Finally, end users can go to the request web form (see below) and request their certificate, provided they can enter the correct voucher code and their correct email address (as previously communicated to Actalis by Customer at step 1).
(*) Details are provided to Customer subsequently to receiving a purchase order for Corporate S/MIME Certificates. To get a quote, please contact Actalis' Sales department.

Regardless of the chosen certificate policy, submission of the web-based request form requires that the requestor also enters a "challenge" sent to him/her by email. This allows the CA to verify that the requestor can access to the mailbox at the address to be included in the certificate.

After properly filling-out and submiting the on-line request form, the user obtains his/her certificate in real time as a PKCS#12 file (.PFX extension), therefore also containing the private key. The password protecting the .PFX file is shown in the browser window. After downloading the .PFX file, the user can import it into his/her favourite email application and start sending signed and/or encrypted emails.

Certificate request web forms

Service documentation

Email applications currently supported

  • Microsoft Outlook
  • Windows Live Mail
  • Mail for Windows 10
  • Outlook Web Access + S/MIME Control
  • Apple Mail (OS X 10.6+, iOS 8+)
  • Mozilla Thunderbird v52 or newer
  • Gnome Evolution v3.18 or newer
  • SeaMonkey v2.46 or newer
  • eM Client
  • The Bat!
  • CipherMail (for Android)
  • R2Mail2 (for Android)
  • Nine (for Android)
  • Fossa Guard Pro

Guides to installing and using your certificate

To learn more about S/MIME certificates...