Knowledge Base

How to Request an S/MIME (Client) Certificate Using SCM? 

Overview 

This article explains what an S/MIME certificate is and provides step-by-step instructions on how to request one using Sectigo Certificate Manager (SCM). 

What Is an S/MIME Certificate? 

An S/MIME (Secure/Multipurpose Internet Mail Extensions) certificate is a type of client certificate used to secure email communication. 

With an S/MIME certificate, you can: 

• Digitally sign emails, allowing recipients to verify that the message truly came from you and hasn’t been altered. 

• Encrypt emails, ensuring that only the intended recipient can read the message. 

S/MIME certificates are commonly used with email clients such as Outlook, Apple Mail, and Gmail (via supported configurations) and are issued to individual users, not servers. 

Prerequisites 

Before requesting an S/MIME certificate, ensure that: 

• An Enrollment Form has been created in SCM. 

• Your user (Person) record exists in SCM. 

• You have received the Enrollment Form URL and any required authentication details (such as a Secret ID). 

 

Steps to request an S/MIME certificate from Sectigo Certificate Manager (SCM): 

Part 1: Create an Enrollment Form for Client Certificates 

1. Log in to the SCM dashboard and go to Enrollment → Enrollment Forms. 

 

Click the Add (+) button to create a new enrollment form. 

 In the Create Enrollment Form window: 

• Name: Enter a clear, descriptive name (for example, OrgName – Client Certificate). 

• Type: Select Client certificate self-enrollment. 
   

 On the Details tab, click Generate to create the Enrollment Endpoint URL. 

• Make sure to save this URL, you’ll share it with users later. 

 
 

 Switch to the Configuration tab and set up authentication: 

• Choose Email Confirmation or Secret ID. 

 
 

• (Optional) Add help instructions or a link to an external help page if users may need guidance. 

Click Save to finish creating the enrollment form. 

 Part 2: Add an Account to the Enrollment Form 

1. Go back to Enrollment → Enrollment Forms and open the form you just created. 

2. Select the Accounts tab and click Add (+). 

 

 

Enter the account details: 

• Name 

• Organization 

• Department 

• Select the appropriate certificate profile(s) and CSR generation method (typically Server).Choose an authorization method (Secret ID or Access Code). 
   

4. Click Save to add the account. 

 

Part 3: Add Persons in SCM 

1. In the SCM dashboard, navigate to Persons.
2. Click Add (+) and fill in the required information: 

 

 

 

• Organization, Department, Domain 

• First Name, Last Name, Email Address 

 

3. On the Details tab, configure the Common Name (CN), Validation Type, and Secret ID (if applicable). 

 

 

4. Click Save. 

• If you’re adding multiple users, you can also use the CSV bulk import option. 

 

 Part 4: Request a Client Certificate 

1. Open the Enrollment Form URL that was generated earlier. 

 

2. Authenticate using Email Confirmation or Secret ID, depending on how the form is configured. 

 

 

3. Complete the enrollment form and submit the request. 

4. Once issued, download the certificate. This is typically provided in PKCS#12 (PFX) format. 

 

 

 

Related Articles:  
Tags: