FAQ for S/MIME

How is the encryption and signing of emails implemented?

The signature and encryption of emails can be configured in the settings of the email client. You can find relevant instructions in the installation guide or on the support pages provided by your email client.

How is the exchange of keys carried out?

In order to activate the encryption, a signed email must first be sent to the recipient, who in turn replies with a signed email. Only after this can both contacts mutually send encrypted emails to each other.

Can encryption always be used?

Email encryption can only be used when the recipient is also using an S/MIME certificate and the exchange of keys has taken place.

Do keys only need to be exchanged once?

This procedure is required for each and every contact person to whom encrypted communication should be sent. However, the exchange of keys only needs to be carried out once with each contact within the validity period. Please note that the exchange of keys must be carried out again after each certificate renewal.

Although the keys have been exchanged, the recipient still cannot read my emails. What is the reason for this?

The most likely explanation is that one of the keys is outdated or incorrect. In order resolve this, delete the contact AND the saved certificate in your email client and then add the contact once again. The new key will be saved, after which encrypted emails can once again be exchanged.

Can the recipient see whether an email has been encrypted or signed?

Yes, symbols are displayed in the header of the email client to indicate whether the email has been encrypted and/or signed. An envelope indicates a signature and a padlock stands for encryption. The symbols can vary depending on the email client. By clicking on one of the symbols, you can access detailed information about the certificate used and about the certificate owner.

When sending an encrypted email, I get an error message saying that the email could not be sent. What is the reason for this?

This can happen if the keys have not yet been exchanged or if the recipient is not using an S/MIME certificate.

What happens after an S/MIME certificate is renewed?

The new certificate must be implemented on the email client again. As a new pair of keys is generated, these must be exchanged with your contacts. Please note: as the old key is no longer valid, encrypted correspondence is not possible until the new keys for this certificate have been exchanged. However, old emails can still be read.

My certificate has expired. Can I still read encrypted emails?

Yes, as long as the key of the sender was saved while your own S/MIME certificate was valid. However, no keys can be exchanged with new contacts and consequently, no further encrypted emails can be received.

Where can I check whether the certificate has been installed correctly?

If the certificate has been installed correctly, it will be visible in the certificate index of the email client. The S/MIME certificate must be located in the certificate folder "Personal" or "Your certificates".

I no longer have my S/MIME certificate. What should I do?

If you do not have a backup of your certificate, it must be reissued. After a reissue, the same procedure must be followed as after a renewal. We strongly recommend making a backup of the certificate. Instructions for this can usually be found on the support pages provided by the email client.

How can I use the certificate on additional devices?

During the first installation of the certificate, you must select the option to allow the export of the private key.

Is it possible to use the S/MIME certificate on multiple computers, e.g. work station and laptop?

Yes, the certificate can be used on multiple devices. In order to do so, the complete certificate package including the root certificate must be exported and subsequently imported to the other devices. You can find relevant instructions on the support pages provided by your email client.

How long is the period in which I can download my S/MIME certificate?

After the S/MIME has successfully been issued, you have 30 days for the initial download. After this, a request for a new download link can be submitted to the CA. Please contact the support of the relevant CA directly with your Order ID.

I cannot remember the password to download a GlobalSign S/MIME certificate. What should I do?

In this case, the existing order must be cancelled and the order must be restarted. Please contact the InterNetX Support Team for assistance.
Please also note that in the case of bulk orders (reissue and renew), the password set once for the registration in each case remains valid and no new passwords can be defined.
However, you can assign a new password for both order types at any time in Single Mode.

The issued certificate includes data that is not correct (e.g. incorrect spelling of a name). How can I correct this?

As soon as an order has been received by the certificate authority (CA), the data can no longer be changed. The order must be cancelled and restarted again. Please contact the InterNetX Support Team for assistance.

How or where do I receive my S/MIME certificate after it has been issued?

In general, the certificate or the link for certificate download is always sent to the email address for which it was ordered. It is not possible to send the certificate to another email address.

I have not received the email for confirmation/download. What should I do?

Please make sure that the mail account is externally accessible. The settings for firewalls and spam filters etc. should also be checked. It is advisable to add the domains or addresses for the relevant CAs to the white lists.

Can the S/MIME certificate be used to sign documents?

Yes. However, please note that the signatures are not classified as trustworthy by e.g. Adobe Reader. For this reason, we recommend the use of a "real" document signing certificate, e.g. from GlobalSign.