Software and Platforms that support e-mail encryption


Full E-mail clients that support S/MIME

Here you find a short excerpt of S/MIME supporting full E-mail clients


Webmailer that natively support S/MIME

If you use a webmailer you should uses one of the full E-mail clients stated above. But there are some webmailer that natively support S/MIME via the browser:


Algorithms and Trust settings we recommend


Algorithms we recommend

  • We recommend using a 2048-bit RSA certificate for E-mail signing. The intermediate CA that issued the certificate should at least use SHA-2 256-bit as signing algorithm.

  • For the signing of E-mails with your E-mail client we recommend using SHA-2 256-bit or higher for siging the actual message.


Excerpt of Certificate Authorities we trust

  • Apple
  • Allianz
  • A-Trust
  • Certum
  • Chamber of e-commerce
  • Datev
  • DigiCert
  • D-Trust
  • enTrust
  • IdentTrust
  • GlobalSign
  • Go Daddy
  • Hofer / Aldi
  • Members of European Bridge CA
  • Microsoft
  • QuoVadis
  • SectiGo (formerly Comodo)
  • Starfield
  • SuisseSign
  • Telekom Germany
  • TÜV Rheinland
  • Verizon
  • WiseKey

My company only issues self-signed S/MIME certificates how can I get trusted?

In this case use the contact at the bottom of the site and we will validate your certification authority and report our trust decisions to you.


Root and Intermediate Certification Authorities we use for our own S/MIME certificates = certificate chain

Root CA - QuoVadis Root CA1 G3

RSA 4096 – SHA256

Valid until: 12/Jan/2042

Serial: 78585f2ead2c194be3370735341328b596d46593

DER/CER format download
PEM format download      

Issuing CA - Quo Vadis Swiss Advanced CA G3

RSA 4096 – SHA256

Valid until: 11/Feb/2028

Serial: 41e89ed3562149c894bddb7bdedd7ec569c72490

DER/CER format download

Frequently asked questions


What does happen if I receive a signed mail and my mail / webmail client does not support S/MIME?

The mail will be shown in you webmailer/mail client like any other mail. The identity of the sender (= S/MIME certificate) is added as an .p7b attachment to the mail.


What does happen if I receive a mail that was encrypted with my public certificate on a mail client that does not support S/MIME or does not have access to my certificate?

You can only read the e-mail with the system / mail client where your certificate with private key was installed. Please transfer your certificate (.p12 or PEM file) to the other system and use a supported mail client.


See how Red Bull works with signed & encrypted e-mails

If you have any more questions

Contact us here

Explore the world behind the can