Knowledge Base

Overview 

This article explains how S/MIME certificate validation works, what information is verified, and what customers can expect during the process. It also provides guidance to help customers respond to validation requests and understand common reasons why S/MIME certificate issuance may take longer. 

S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates are used to digitally sign and encrypt emails, helping recipients trust the sender’s identity and protect sensitive information. 

Common Questions This Article Answers 

• What is an S/MIME certificate? 

• Who can request an S/MIME certificate? 

• What information is verified during S/MIME validation? 

• What actions are required from me during S/MIME validation? 

• How do S/MIME certificates help secure email communications? 

 

What Is S/MIME Certificate? 

An S/MIME certificate is a digital certificate issued by a trusted Certificate Authority (CA) that enables secure email communication. 

S/MIME certificates allow users to: 

• Digitally sign emails, confirming the sender’s identity 

• Ensure message integrity, detecting if content was altered in transit 

• Encrypt email messages, protecting sensitive information 

• Reduce phishing and spoofing risks by verifying sender identity 

S/MIME certificates are commonly used for secure internal and external email communication. 

S/MIME certificates are commonly used for: 

• Legal and financial email communications 

• Healthcare and government correspondence 

• Internal corporate communications requiring confidentiality and authenticity 

Any email communications that must be trusted, encrypted, or tamper‑evident 

 

How S/MIME Validation Works 

S/MIME certificate validation confirms three key things: 

1. The identity of the individual or organization requesting the certificate 

2. Control or authorization over the email mailbox(es) included in the certificate 

3. That the certificate request and Subscriber Agreement were properly authorized 

Validation follows industry standards (S/MIME Baseline Requirements) and to complete this process, information is verified using trusted public records, government sources, and direct confirmation with the applicant or organization. 

 

What Is Verified During S/MIME Validation 

S/MIME validation includes the following required checks. The exact requirements depend on the type of S/MIME certificate requested (individual or organization). 

Mailbox Authorization or Control 

• Verification that the applicant controls the email address(es) included in the certificate 

• An automated verification email is sent to the mailbox(es) to confirm authorization 

Identity and Legal Existence (Organization Certificates) 

• Verification of the organization’s legal existence using qualified government or tax information sources 

• Confirmation of:  

• Legal organization name 

• Jurisdiction of incorporation 

• Registration number (if applicable) 

• Active, good‑standing status 

• Legal names, DBAs, or DBA (Legal Name) formats are accepted if properly registered and verified 

Organization Identifier 

• An official Organization Identifier is included in the certificate 

• The identifier is constructed using validated government or registry data 

• Self‑declared identifiers are not permitted 

Physical Address Verification 

• Verification of the organization’s physical address using trusted public or government sources 

• Additional documentation may be requested if the address cannot be independently confirmed 

Contact Information (Method of Communication) 

• Verification of at least one working phone number or email address 

• Contact details must come from reliable third‑party data sources or government registries 

Subscriber Agreement and Request Authenticity (Callback) 

• Confirmation of the legal entity name, jurisdiction, and active status  

• Verification of any registered trade name or DBA (if applicable)  

• Authentication of the individual requesting the certificate via an automated Video ID session, ensuring the individual and their government issued photo ID are legitimate.  

• Acceptable organization name format in the certificate: Legal name or registered DBA  

 

What to Expect During S/MIME Validation 

While validation is in progress, customers may be asked to: 

• Complete the Subscriber Agreement 

• Confirm control of the email mailbox(es) 

• Respond to a verification call or email confirming certificate authorization 

• Provide additional documentation if requested 

Prompt responses help prevent delays. 

Customers can track validation progress and required actions using the link included in the order confirmation email. 

 

Certificate Request Authentication (Callback) 

Callback authentication is a critical part of secure and compliant S/MIME certificate issuance. This step helps prevent impersonation, fraud, and unauthorized certificate issuance. 

Authentication is completed by contacting the applicant or an authorized organizational representative using a verified phone number or email address obtained from trusted, independent sources. 

How Callback Authentication Works  

 

Callback authentication confirms that the certificate request was intentionally submitted and approved. The following callback methods may be used, depending on the situation:  

• Automated telephone callback  

An email is sent to the applicant’s administrative contact containing a link to initiate an automated call to a verified business phone number. During the call, a verification code is provided. Entering this code completes the authentication process. 

• Automated email callback 

A verification link is sent to a verified business email address. Clicking the link confirms authorization using a secure and traceable communication method.  

• Manual callback (phone or email) 

Manual callbacks are used when automated methods are unavailable or when additional verification is required. These callbacks are performed by a validation specialist using verified contact details. 

All callback methods are designed to ensure secure, reliable, and efficient authentication based on the applicant’s circumstances. 

If You Have Trouble Completing the Callback 

• If the automated callback fails but the phone number or email address is correct, contact support via chat to request a manual callback.  

• If the phone number or email address is incorrect or cannot be verified, upload documentation showing a valid business phone number or email address for your organization. 

This documentation must come from a reliable third‑party data source or government registry and list the contact details under the same organization name.  

Important Notes About Callback Verification  

• Callback authentication can only be completed using phone numbers or email addresses that are independently verified through reliable third‑party data sources or government registries.  

• Callback attempts are not made using unverified or self‑provided contact details.  

• Completing this step promptly helps prevent delays in certificate issuance. 

 

How to Avoid Common S/MIME Validation Delays 

Most S/MIME validation delays are caused by unverified email addresses, incomplete agreements, or mismatched identity information. The following tips can help ensure a faster process: 

Confirm Email Mailbox Access Promptly 

• Complete mailbox verification emails as soon as they are received 

• Ensure the email address entered in the order is correct and accessible 

Use the Correct Name and Organization Details 

• Enter the full legal name or verified organization name exactly as it appears in trusted records 

• Do not use abbreviations, nicknames, or unregistered names 

Complete the Subscriber Agreement Quickly 

• Review and complete the Subscriber Agreement as soon as it is received 

• Certificates cannot be issued until the agreement is completed 

Ensure Contact Information Is Verifiable 

• Use phone numbers or email addresses listed in reliable third‑party data sources or government registries 

• Avoid temporary or self‑provided contact details that cannot be independently verified 

Respond Promptly to Callback Requests 

• Complete verification calls or emails as soon as they are received 

• If contact information cannot be verified, additional documentation may be required 

Monitor Order Status and Emails 

• Regularly check the order confirmation email and validation link 

• Outstanding customer actions are the most common reason an S/MIME order appears delayed 

 

Frequently Asked Questions (FAQs) 

Why does S/MIME validation take longer than expected? 

S/MIME certificates require verification of mailbox control, identity, contact details, and authorization. These checks may require customer action or additional review. 

Why do I need to verify control of my email address? 

Mailbox verification confirms that only authorized users can receive and use the S/MIME certificate, helping prevent impersonation and email fraud. 

Why do I need to complete a callback (verification call or email)?  

The callback confirms that the certificate request was intentionally submitted and approved by the correct individual or organization. This step helps prevent unauthorized or fraudulent certificate issuance and is required for S/MIME certificates.  

How does the callback process work?  

Callback authentication is completed using a verified business phone number or email address. Depending on the situation, this may be done through an automated call, an automated email verification link, or a manual callback. All methods use secure and traceable communication channels.  

Why can’t the callback be completed using my provided phone number or email?  

Callback verification can only be completed using contact details that are independently verified through reliable third‑party data sources or government registries. Self‑provided or unverified contact information cannot be used for this step.  

What should I do if the automated callback fails?  

If the automated callback does not work but the phone number or email address is correct, you can contact support via chat to request a manual callback. Manual callbacks are performed using the same verified contact details.  

What if the phone number or email address on file is incorrect?  

If the contact information cannot be verified, you may be asked to provide documentation showing a valid business phone number or email address. This documentation must come from a reliable third‑party data source or government registry and list the contact details under the same organization name. 

What should I do if my S/MIME order seems stuck? 

Review pending actions in your order confirmation email, complete mailbox verification, ensure the Subscriber Agreement is completed, and respond to any verification requests.