install SMIME Certificates

obtain free SMIME Certificates

Free certificates usable for S/MIME are available from:

Some of them are free only for personal use. It can also cost money to revoke a free certificate.

Let’s Encrypt does not currently offer S/MIME certificates. See for a thread explaining why you can’t use their SSL/TLS certificates for S/MIME.[edit]

To obtain certificate from an authority

Safari, Firefox and Microsoft Internet Explorer contain cryptotools capable of generating public/private keypairs. When signing up for a certificate with an authority, their website triggers your browser to create a keypair and transmit to them the public key, which is then certified. For this reason, when you return to pick up your completed certificate (typically a few minutes later), it is mandatory that you do so with the same browser on the same computer . You will otherwise not possess the private key necessary for pickup.

Be thoughtful about whether to select to “digitally sign all messages by default”. Institutional firewalls may protect their own security protocols and break your cryptographic signature, leaving your recipient with all kinds of warnings about the message being invalidly signed. As S/MIME usage is still not widespread, most people still don’t know how to interpret this. A broken signature will probably seem worse to them than receiving a message with no crypto signature at all, even though the contents are identical in both cases.

Webmail users will see an unreadable attachment which can raise similar questions.