
How to Set Up S/MIME for Gmail in Google Workspace

Overview 

By the end of this article, you will have S/MIME (Secure/Multipurpose Internet Mail Extensions) enabled for your Google Workspace domain and a personal S/MIME certificate installed in your Gmail account, ready to send and receive encrypted, digitally signed email. The article covers three phases in order: confirming prerequisites such as a supported Google Workspace edition and a certificate from a trusted Certificate Authority (CA); enabling S/MIME in the Google Workspace Admin Console; and uploading your personal certificate bundle in Gmail. A final verification step confirms the certificate is active and that outgoing messages are correctly signed and encrypted. 

What is S/MIME? 

S/MIME is an industry-standard protocol for email security that uses public-key cryptography to encrypt message content and apply a digital signature that verifies the sender’s identity. Gmail supports S/MIME in Google Workspace so recipients see a verified sender indicator on signed messages and so encrypted messages can only be read by their intended recipients. 

Prerequisites 

Before you begin, confirm each of the following: 

  • A Google Workspace account on a supported edition: Enterprise Plus, Education Plus, or Frontline Plus. Free Gmail accounts cannot use S/MIME. 

  • An administrator who can enable S/MIME for your domain in the Google Workspace Admin Console. 

  • A valid S/MIME certificate issued by a trusted CA, delivered as a .p12 or .pfx file along with the password that protects the certificate’s private key. 
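A pre-upload check for the certificate bundle in the last prerequisite, added here as an example; it is not code from Google or from the CA. It assumes the third-party Python `cryptography` package, the function names `check_bundle` and `make_constructed_bundle` are hypothetical, and the checks are general S/MIME properties (password opens the file, private key present, not expired, address in subjectAltName, email-protection usage), not Gmail's own validation rules.

```python
# Added example. Requires the third-party "cryptography" package (assumption).
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.serialization import pkcs12
from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID

def check_bundle(data: bytes, password: str, address: str) -> list:
    """Return a list of problems found; an empty list means every check passed."""
    try:
        key, cert, _chain = pkcs12.load_key_and_certificates(data, password.encode())
    except ValueError:
        return ["bundle could not be opened: wrong password or damaged file"]
    if key is None or cert is None:
        return ["bundle lacks a private key or a certificate"]
    problems = []
    end = getattr(cert, "not_valid_after_utc", None) or cert.not_valid_after.replace(tzinfo=timezone.utc)
    if end <= datetime.now(timezone.utc):
        problems.append("certificate has expired")
    try:
        san = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
        emails = [e.lower() for e in san.get_values_for_type(x509.RFC822Name)]
    except x509.ExtensionNotFound:
        emails = []
    if address.lower() not in emails:
        problems.append("address is not in the certificate's subjectAltName")
    try:
        eku = cert.extensions.get_extension_for_class(x509.ExtendedKeyUsage).value
        allowed = {ExtendedKeyUsageOID.EMAIL_PROTECTION, ExtendedKeyUsageOID.ANY_EXTENDED_KEY_USAGE}
        if not allowed & set(eku):
            problems.append("extended key usage does not include emailProtection")
    except x509.ExtensionNotFound:
        pass  # no EKU extension: certificate usage is not restricted
    return problems

def make_constructed_bundle(address: str, password: str, days: int = 30) -> bytes:
    """Build a throwaway self-signed bundle (constructed sample) for offline runs."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, address)])
    now = datetime.now(timezone.utc)
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now - timedelta(days=1)).not_valid_after(now + timedelta(days=days))
            .add_extension(x509.SubjectAlternativeName([x509.RFC822Name(address)]), critical=False)
            .add_extension(x509.ExtendedKeyUsage([ExtendedKeyUsageOID.EMAIL_PROTECTION]), critical=False)
            .sign(key, hashes.SHA256()))
    return pkcs12.serialize_key_and_certificates(
        b"constructed", key, cert, None, serialization.BestAvailableEncryption(password.encode()))
```

For a real bundle, read the .p12 or .pfx file as bytes and pass it to `check_bundle` with the CA-supplied password and the Gmail address the certificate was issued for.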

Steps 

Enable S/MIME encryption in the Admin Console 

  1. Sign in to the Google Workspace Admin Console as an administrator. 

  2. Go to Apps > Google Workspace > Gmail > User Settings. 

  3. Open the S/MIME setting. 

  4. Select Enable S/MIME encryption for sending and receiving emails. 

  5. Select Allow users to upload their own certificates. 

  6. Click Save. 

Figure 1: The Admin Console User Settings page for Gmail, with the S/MIME row visible and currently off.

Figure 2: The expanded S/MIME settings dialog with both checkboxes selected and “2 unsaved changes” pending.

Install your S/MIME certificate in Gmail 

  1. Sign in to your Gmail account. 

  2. Click the Settings gear in the upper-right corner and select See all settings. 

  3. Open the Accounts tab. 

  4. Next to Send mail as, click the edit info link for your address. 

  5. Click Upload a personal certificate and select your .p12 or .pfx file. 

  6. Enter the password supplied by your CA when prompted. The certificate’s private key is encrypted with this password; if the password is lost, the certificate cannot be imported. 

  7. Select Use this certificate, then click Save Changes. 

Figure 3: The Gmail Accounts tab with the edit info link circled next to the Send mail as address.

Figure 4: The Edit email address and encryption settings dialog showing the Upload a personal certificate link.

Figure 5: The Add a personal certificate modal prompting for the certificate password.

Figure 6: The same Edit dialog after install: Use this certificate selected, with a Default certificate changed confirmation.

How to verify success 

Send a test message from your Gmail account to a recipient who also uses S/MIME, then confirm the following: 

  • The outgoing message shows an indicator that it was digitally signed. 

  • The recipient sees a verified sender label on the message. 

  • An encrypted message shows an enhanced encryption indicator — for example, a green padlock with a plus sign and the label Enhanced encryption (S/MIME) in the Gmail iOS app, or an equivalent indicator in other Gmail clients. 

If these indicators are missing, repeat the Install step to confirm the certificate is uploaded and selected as the active certificate.

Figure 7: A Gmail web inbox showing a received S/MIME-signed message with the verified sender popup and Enhanced encryption indicator.

Figure 8: The Gmail iOS app showing the same encrypted message with the verified sender label and green padlock.

Similar questions 

  • How do I install an S/MIME certificate in Gmail? 

  • What are the steps to enable S/MIME encryption in Google Workspace? 

  • How can I configure Gmail to use S/MIME for secure email? 

  • How does Gmail handle digitally signed messages with S/MIME? 

  • Which Google Workspace editions support S/MIME? 
