FAQs
Frequently Asked Questions: S/MIME (email) Certificates
Q) What are the recommended browsers for requesting an email Certificate?
Q) How do I collect and install my email Certificate?
A) After the issuance of the Email Certificate, the user can download the certificate from their client area. You can find a download button appear with the order to download the certificate in a PKCS#12 format. It is mandatory to download the certificate using the same browser which was used to request the certificate.
Q) What should I do if I’m unable to download the certificate in P12 format?
A)The Private Key that corresponds to the certificate remains on the browser’s local storage. If the Private Key was lost, user will not be able to download the certificate in P12 format. In this case, user can raise a reissue of the certificate using the ‘Replace’ option available on the portal.
Q) How do I backup my email Certificate and Private Key?
A) The certificate will be downloaded as a PKCS12 format, which also acts as a backup. Along with the PKCS#12 file, a Private Key will be downloaded on the user’s computer. We recommend the user to keep a safe backup of the PKCS#12 and the Private Key file in a secure backup location, so that you can recover the certificate, in case if the user is facing any trouble in using the certificate.,
Q) How do I export my Public Key?
A) After downloading the PKCS#12 file, the user can again use the ‘Download’ button to download the user’s certificate, which includes the public key.
Q) What is the advantage of signing an email?
A) A digital signature attached to an email message offers another layer of security and provides additional assurance to the recipient, that you—not an impostor—signed the contents of the email message. Your digital signature, which includes your certificate and public key, originates from your digital ID. That digital ID serves as your unique digital mark and signals the recipient that the content hasn't been altered in transit.
Q) How does an email get encrypted?
A) An email is encrypted by using the "Public Key" of the sender, so only the recipient who owns the corresponding "Private Key" can read the encrypted email.
Q) Does the recipient of an encrypted email require an email Certificate?
A) Yes, an email can only be encrypted using the 'Public Key' of the recipient.
Q) How do I share my public key with potential email recipients ?
A) As the sender requires the 'Public Key' of the recipient for sending encrypted emails, the sender must share their 'Public key' to their recipient. You can accomplish this by sending them a 'Signed' email. In an Exchange Server environment, users can publish their 'Public Key' into GAL [ Publish to GAL ], so that users from the same organization can fetch the Public Key of their recipient from GAL.
Q) Can I use my email certificate on mobile devices?
A) Yes, an email Certificate can be ported to your personal mobile devices, such as; mobile phones, laptops, tablets, etc. You will have to export your Certificate into a PKCS#12 format and then import the PKCS#12 file to the personal device. You will then be able to configure S/MIME on your mobile devices.
Q) How do I renew my email Certificate?
A) Renewal is nothing more than ordering / requesting a new email Certificate for the same email address. You will receive a new email certificate upon request.
Q) Can I remove expired email Certificates from my system?
A) Yes. However, removing an email Certificate will delete the certificate and its Private Key. If you remove the expired Certificate from your system, you will not be able to read any old emails encrypted using the expired certificate. Therefore, it is not recommended that you remove any expired certificates. If you really want to remove the expired certificate, please make sure you have them backed up in PKCS12 format before removing them from your system.
Q) Should I re-send my Public Key to a recipient after I renew my certificate?
A) Yes, you will receive new Key Pair when your certificate is renewed. It is mandatory to distribute your new Public Key to your recipients, so they can continue to send encrypted emails to you.
Q) Can I recover/reset the password given to a P12/PFX file?
A) No, Passwords for PFX/P12 files were assigned by the user at the time of exporting it from the browser. It is impossible to reset / recover a lost password of a PFX file. However, if you have the Private Key downloaded along with the PKCS#12 certificate, you can build a new P12/PFX file using OpenSSL command.
Q) What should I do if I have lost my email Certificate?
A) We always recommend that our customers perform a backup of their email Certificate(P12 file) and the Private Key. If you have lost the P12 file, then you can recover the certificate using the Private Key. You can re-build the P12 file using the Private Key and the Certificate using OpenSSL command.
Q) What should I do if I have lost my Corporate email Certificate?
A) If you have a backup of the certificate in PKCS#12 format, you can recover it from the backup. If you don't have a backup of the certificate, then you need to revoke the certificate and purchase a new one.
A) Customers can use any web browser to request an email certificate. We recommend the use of Firefox/Chrome/Edge/Safari browsers.
Q) How do I collect and install my email Certificate?
A) After the issuance of the Email Certificate, the user can download the certificate from their client area. You can find a download button appear with the order to download the certificate in a PKCS#12 format. It is mandatory to download the certificate using the same browser which was used to request the certificate.
Q) What should I do if I’m unable to download the certificate in P12 format?
A)The Private Key that corresponds to the certificate remains on the browser’s local storage. If the Private Key was lost, user will not be able to download the certificate in P12 format. In this case, user can raise a reissue of the certificate using the ‘Replace’ option available on the portal.
Q) How do I backup my email Certificate and Private Key?
A) The certificate will be downloaded as a PKCS12 format, which also acts as a backup. Along with the PKCS#12 file, a Private Key will be downloaded on the user’s computer. We recommend the user to keep a safe backup of the PKCS#12 and the Private Key file in a secure backup location, so that you can recover the certificate, in case if the user is facing any trouble in using the certificate.,
Q) How do I export my Public Key?
A) After downloading the PKCS#12 file, the user can again use the ‘Download’ button to download the user’s certificate, which includes the public key.
Q) What is the advantage of signing an email?
A) A digital signature attached to an email message offers another layer of security and provides additional assurance to the recipient, that you—not an impostor—signed the contents of the email message. Your digital signature, which includes your certificate and public key, originates from your digital ID. That digital ID serves as your unique digital mark and signals the recipient that the content hasn't been altered in transit.
Q) How does an email get encrypted?
A) An email is encrypted by using the "Public Key" of the sender, so only the recipient who owns the corresponding "Private Key" can read the encrypted email.
Q) Does the recipient of an encrypted email require an email Certificate?
A) Yes, an email can only be encrypted using the 'Public Key' of the recipient.
Q) How do I share my public key with potential email recipients ?
A) As the sender requires the 'Public Key' of the recipient for sending encrypted emails, the sender must share their 'Public key' to their recipient. You can accomplish this by sending them a 'Signed' email. In an Exchange Server environment, users can publish their 'Public Key' into GAL [ Publish to GAL ], so that users from the same organization can fetch the Public Key of their recipient from GAL.
Q) Can I use my email certificate on mobile devices?
A) Yes, an email Certificate can be ported to your personal mobile devices, such as; mobile phones, laptops, tablets, etc. You will have to export your Certificate into a PKCS#12 format and then import the PKCS#12 file to the personal device. You will then be able to configure S/MIME on your mobile devices.
Q) How do I renew my email Certificate?
A) Renewal is nothing more than ordering / requesting a new email Certificate for the same email address. You will receive a new email certificate upon request.
Q) Can I remove expired email Certificates from my system?
A) Yes. However, removing an email Certificate will delete the certificate and its Private Key. If you remove the expired Certificate from your system, you will not be able to read any old emails encrypted using the expired certificate. Therefore, it is not recommended that you remove any expired certificates. If you really want to remove the expired certificate, please make sure you have them backed up in PKCS12 format before removing them from your system.
Q) Should I re-send my Public Key to a recipient after I renew my certificate?
A) Yes, you will receive new Key Pair when your certificate is renewed. It is mandatory to distribute your new Public Key to your recipients, so they can continue to send encrypted emails to you.
Q) Can I recover/reset the password given to a P12/PFX file?
A) No, Passwords for PFX/P12 files were assigned by the user at the time of exporting it from the browser. It is impossible to reset / recover a lost password of a PFX file. However, if you have the Private Key downloaded along with the PKCS#12 certificate, you can build a new P12/PFX file using OpenSSL command.
Q) What should I do if I have lost my email Certificate?
A) We always recommend that our customers perform a backup of their email Certificate(P12 file) and the Private Key. If you have lost the P12 file, then you can recover the certificate using the Private Key. You can re-build the P12 file using the Private Key and the Certificate using OpenSSL command.
Q) What should I do if I have lost my Corporate email Certificate?
A) If you have a backup of the certificate in PKCS#12 format, you can recover it from the backup. If you don't have a backup of the certificate, then you need to revoke the certificate and purchase a new one.
Need help?
Need help making a purchase? Contact us today to get your certificate issued right away.
Live chat
Click the button below or click "Chat with an Expert" to start chatting with us now!
