Table of Contents

New Intermediate at DigiCert and GlobalSign

There will be a new intermediate certificate (ICA) for S/MIME products, effective for the CA DigiCert from 26.06.2024 and for GlobalSign from 24.06.2024.

After the (above mentioned) date, all SMIME certificates will be issued using this new intermediate certificate. There will be no impact on existing certificates. Intermediate certificates used for client authentication use cases that are manually installed on a server must be reinstalled before the specified date. In addition the access authorizations must be configured to accept new intermediate certificates.

A new intermediate certificate for Sectigo S/MIME products was already introduced in 2023 as part of the new S/MIME baseline requirements.


New Baseline Requirements

In order to standardize the issuing and administration of S/MIME certificates, the CA/B Forum had defined new requirements, taking effect at the beginning of September 2023.

  • As a result, the authentication (so-called "vetting") may change or, in the case of existing certificates, may have to be carried out again. In the case of a person representing an organization, it may be necessary to make a video call in the future.
  • Some S/MIME products will not be carried over to the new standards by the respective CAs and will be deprecated. Consequently, the following S/MIME products are currently no
    longer available at InterNetX: GlobalSign PersonalSign Class 2 and Sectigo Pro S/MIME Certificate
  • In the future, S/MIME certificates will be categorized into one of the following types: Mailbox-validated, Organization-validated, Sponsor-validated, Individual-validated
  • Additionally, a profile is assigned as well. This profile determines the maximum validity period: legacy (3 years), multipurpose or strict (2 years)
  • S/MIME certificates issued according to the "old" standards remain valid and can be used until the respective expiration date. A renew or a reissue might not be longer possible. Please see below for details.
--

Why S/MIME?

The S/MIME (Secure/Multipurpose Internet Mail Extensions) technology secures your email correspondence through encryption and signing.
The asymmetrical encryption protects S/MIME emails against unwanted access, i.e. the reading and modification of the email content by third parties.
The digital signature confirms the authorship of the email and notifies the recipient of any unauthorized changes, making it an effective means of detecting phishing emails. 

S/MIME certificates are cost-effective because an unlimited number of emails and documents can be sent pre-encrypted and signed within an email address. They are easy to integrate and use.

Mode of operation

Digital certificates digitally bind a cryptographic key to a user's identity, providing proof of the origin and integrity of the transmitted message.
Once the certificate is installed, the user can easily sign or encrypt selected emails with one click, or automatically sign and encrypt all emails with the digital certificate via the corresponding configuration.
S/MIME is supported by most mail clients (e.g. Microsoft Outlook, Thunderbird, Apple Mail, Lotus Notes and Mulberry Mail).

Overview of the available S/MIME certificates

The S/MIME certificates are issued via a digital ID for persons and departments of a company.

GlobalSign

No CSR is required when ordering.
Note for PersonalSign Class 2 Pro and PersonalSign Class 2 Department:
→ Certificates issued BEFORE August 16, 2023 can no longer be renewed. These must be reordered according to the new requirements (CREATE)
→ A reissue is generally no longer possible
→ An identifier is required when ordering. If this identifier is not available, then the identification as a government (authority)
or international company. The unique identifier can be: Value Added Tax (VAT), National Trade Registry (NTR) or Legal Entity Identifier (LEI) number.

Certificate NameDigital ID for UseTypeProfileDigital ID proves Right of OwnershipVerification (Vetting)
PersonalSign Class 1

For general or personal use

Mailbox-validatedLegacyEmail addressBy email

PersonalSign Class 2


EOL  announced by supplier for August 2023.
------In order to continue signing and encrypting emails digitally, other equally secure S/MIME certificates for your personal use are available in our portfolio.

PersonalSign Class 2
Pro

For a person who represents a company.
The company must be located within the EMEA region.
If you have any questions, please contact support.
Sponsor-validated

Legacy

Email address
Identity assurance of the person
Assurance of the existence of the organization

Execution in two steps (please in this order):

1.) Person: video call with GlobalSign Vetting Team
→ email invitation from vetting-emea@globalsign.com
→ book Video Call online
→ have ready original valid ID with photo, issued by government authority (copy is NOT accepted)
→ video call will take place in English
→ validity of the verification max. 825 days or max. until the validity of the ID document
→ alternatively notary certification
Detailed description from GlobalSign

2.) Organization: 
→ Via a call to the personnel department with a number from the phone book 
→ Company Register is checked

PersonalSign Class 2 Department

For a departmentOrganization-validatedLegacyEmail address
Assurance of the existence of the organization
By email
Company Register is checked


DigiCert

CSR is required when ordering.

Certificate NameDigital ID for UseTypeProfileDigital ID proves Right of OwnershipVerification (Vetting)
S/MIME Class 1
For general or personal useMailbox-validatedLegacyEmail addressBy email
Note that the link in the email is only valid for a maximum of 24h. To resend the email, please contact your support.
S/MIME Premium (Class 2)For a person who represents a companySponsor-validated

Legacy

Email address
Identity assurance of the person
Assurance of the existence of the organization

By email.
Via a call to the personnel department with a number from the phone book
Company Register is checked
Digital Signature PlusFor a person who represents a companySponsor-validatedLegacyEmail address
Identity assurance of the person
Assurance of the existence of the organization
By email.
Via a call to the personnel department with a number from the phone book
Company Register is checked



Digital Signature Plus

With the Digital Signature Plus certificate, it is possible to digitally sign documents using e. g. Microsoft Office (without Access), Adobe PDF, OpenOffice, LibreOffice, etc.
However, the following applies to Adobe PDF: It is possible to digitally sign documents, but these are not fully trusted, as the Digital Signature Plus is not listed in Adobe's Authorised Trust List (AATL).
→ For this use case, we offer the GlobalSign - Document Signing certificate.


Sectigo

CSR is required when ordering.

Certificate NameDigital ID for UseTypeProfileDigital ID proves Right of OwnershipVerification (Vetting)
Sectigo - Personal S/MIMEFor general or personal useMailbox-validatedMultipurposeEmail addressBy email
Note that the link in the email is only valid for a maximum of 24h.
Sectigo - Pro S/MIME

EOL  announced by supplier for August 2023.--

--

-- 

In order to continue signing and encrypting emails digitally, other equally secure S/MIME certificates for your personal use are available in our portfolio.
Sectigo - Enterprise S/MIMEFor a person who represents an entire companyOrganization-validatedMultipurposeEmail address
Identity assurance of the person
Assurance of the existence of the organization

By email
Via a call to the personnel department with a number from the phone book
Company Register is checked
Copy of the personal identification card
Verification image of the person with ID card in hand


More detailed information on the individual certificates can be found in our knowledge base.