Is your S/MIME certificate compliant?

Use our certificate checker to compare your S/MIME certificate against the new CA/Browser
Forum’s S/MIME Baseline Requirements, going into effect on September 1, 2023.
Drag and drop Certificate or browse to upload a file

Upload a DER or PEM file type no more than 3 KB in size

S/MIME certificate linter

The S/MIME certificate checker scans your certificate against 150 potential errors. After scanning a certificate, you’ll receive detailed results outlining every critical error, warning and notice that may impact the compliance and security of your certificate, along with helpful information to ensure the certificate protects encrypted emails and meets the CA/Browser Forum’s S/MIME Baseline Requirements.

Note: the S/MIME Baseline Requirements apply to new certificates issued after September 1, 2023. The testing tool accepts certificates with .der and .pem extensions. It does not accept .cer, .crt or other certificate file formats.

Frequently Asked Questions

What is S/MIME?

What is an S/MIME certificate?

How do I get an S/MIME certificate?

What is PKI?

Can I run the S/MIME linter on my local computer?

What are the new S/MIME Baseline Requirements for 2023?

What is S/MIME?

S/MIME stands for Secure/Multipurpose Internet Mail Extensions. S/MIME is an internet standard to digitally sign and encrypt email messages. The encryption provided by S/MIME strengthens privacy and data security for electronic messaging, ensuring the message’s integrity remains intact during transmission. S/MIME is supported by all major email applications, including Apple Mail, Microsoft Outlook and Exchange, mobile OS email apps and more.

What is an S/MIME certificate?

An S/MIME certificate is an electronic document that uses public key infrastructure (PKI) to cryptographically bind a public key and an identity to achieve authentication, message integrity and non-repudiation of origin.

How do I get an S/MIME certificate?

You can get an S/MIME certificate from a certificate authority (CA) like DigiCert validate your senders, email addresses and organization, ensuring every email is signed and encrypted to prevent phishing and tampering.

What is PKI?

Public key infrastructure (PKI) is a system of processes, technologies and policies that allows you to encrypt and sign data. You can issue digital certificates that authenticate the identity of users, devices, or services. In S/MIME, public PKI is used to issue public TLS/SSL certificates, a type of digital certificate for public domains or web servers that can be viewed and logged publicly.

Can I run the S/MIME linter on my local computer?

To perform the S/MIME certificate check on your local computer, download the open-source certificate linter on GitHub.

What are the new S/MIME Baseline Requirements
for 2023?

On January 1, 2023, the CA/Browser Forum released the Baseline Requirements for the Issuance and Management of Publicly‐Trusted S/MIME Certificates, a set of standards governing the way certificate authorities (CAs) like DigiCert issue S/MIME digital certificates.

The Baseline Requirements apply to all publicly trusted digital certificates that include:

  • The Extended Key Usage (EKU) extension for id-kp-emailProtection (OID: 1.3.6.1.5.5.7.3.4). 

  • An email address (as rfc822Name or otherName of type id-on-SmtpUTF8Mailbox) in the subjectAltName extension.

Learn how DigiCert solutions can
help you deliver digital trust

By supplying my information and clicking submit, I agree to receive communications about DigiCert products and services, and I agree to DigiCert and its affiliates processing my data in accordance with DigiCert’s Privacy Policy.

  • DigiCert Logo

    The most-trusted global provider of high-assurance TLS/SSL, PKI, IoT and signing solutions.