S/MIME Enterprise standard Supported in all tariffs

S/MIME Certificates.
The enterprise standard.

Encrypt and digitally sign your emails with S/MIME X.509 certificates - the trusted standard in business environments. Supported by Outlook, Apple Mail, Thunderbird and all major email clients. eclipso Mail Europe supports S/MIME in all tariffs.

Create free account How it works
S/MIME certificate - email encryption and digital signature

End-to-end encryption

S/MIME encrypts the email content itself - not just the transmission path. Only the intended recipient with their private key can read the message.

Digital signature

A digital signature proves that the email genuinely came from you and has not been tampered with in transit. Legally valid in many jurisdictions.

Maximum compatibility

S/MIME is built into Outlook, Apple Mail, iOS Mail and all enterprise email clients - no additional software required for your recipients.

How S/MIME works

Transport encryption vs.
Content encryption.

There are two levels of email security. Transport encryption (TLS) protects the data path - but the email is readable on each mail server. S/MIME content encryption protects the email itself: only the recipient can decrypt it, regardless of which servers it passes through.

Import your personal S/MIME certificate directly in eclipso webmail: Settings → E-Mail | S/MIME Keyring Certificate Manager. Your certificate is ready to use immediately after import - no browser configuration needed.

Never decide per email again: in Settings → Account → Configuration you can enable "Digital Signature" and/or "Encrypt" as the default. All outgoing emails will then be automatically signed and/or encrypted.

To encrypt emails to a contact, you need their S/MIME public key. Simply send a digitally signed email first - your contact's email client will automatically save your public certificate. eclipso also manages public certificates from received signed emails in the certificate manager.
S/MIME certificate import in eclipso webmail

Certificate types explained

S/MIME certificates differ in their validation level – this determines how much trust recipients and email clients place in your digital identity.

Class 1

Email validation

The CA only verifies that you control the email address. Fast and straightforward – no ID required.

  • Suitable for private individuals
  • Fast issuance (minutes to hours)
  • Free options available
  • No identity verification
  • Not suitable for legal purposes
Recommended

Class 2 – Identity validation

Your identity is verified via official ID. The certificate carries your confirmed name, providing a higher level of trust.

  • Confirmed name in certificate
  • Recommended for professional use
  • Legally recognised in many contexts
  • GDPR Art. 32 compliant
  • Requires proof of identity
OV

Organisation validation

Both company and individual are verified via commercial register and ID. The certificate is issued in the company name.

  • Company name in certificate
  • Highest trust level
  • EPKI management for enterprises
  • For regulated industries
  • Requires company documents

What to look for when choosing a certificate

  • Trust store inclusion – The CA must be included in the Mozilla, Microsoft and Apple trust stores. Only then will your certificate be trusted by all major email clients without manual configuration.
  • Key length – At least 2048-bit RSA, recommended 4096-bit RSA or modern ECC (P-256 / P-384). eclipso supports all current key types.
  • Revocation service (OCSP / CRL) – Ensures email clients can check in real time whether your certificate is still valid and has not been revoked.
  • PKCS#12 export – The certificate must be downloadable as a .p12 / .pfx file so you can import it into eclipso and other email clients.
  • Note on expiry: Even after a certificate expires you can still decrypt previously received encrypted emails – as long as you keep the private key safe. Create a backup in good time.

Recognised certificate authorities

S/MIME certificates are issued by accredited CAs. The following providers are trusted in all major trust stores:

DigiCert
GlobalSign
Sectigo
D-Trust (DE)
HARICA (EU)
Actalis (free)
Tip: You can verify a CA’s trust store inclusion via the Common CA Database (ccadb.org). Actalis offers a free Class 1 certificate for 1 year – a great starting point for personal use.

Built into every major email client

S/MIME is an industry standard - no software installation required for your recipients.

Microsoft Outlook

Built-in S/MIME

Apple Mail

macOS & iOS

Mozilla Thunderbird

Built-in S/MIME

iOS Mail

iPhone & iPad

Exchange / 365

Enterprise

Any S/MIME client

RFC 5751 standard

Frequently Asked Questions

Both S/MIME and OpenPGP provide end-to-end email encryption, but they use different trust models. S/MIME uses X.509 certificates from accredited certification authorities (CAs) - the established standard in corporate IT, Outlook and Apple Mail. OpenPGP uses a decentralized Web of Trust and is free of charge. eclipso Mail Europe supports both standards.

Yes. S/MIME is supported in all eclipso Mail Europe tariffs including the free account. Import your X.509 certificate in Settings → Security → Certificate Manager and immediately start encrypting and signing emails.

Class 1: Only the email address is validated (simple, quick). Suitable for private individuals who simply want to encrypt emails.
Class 2: Additionally validates your identity (ID or company registration). Recommended for professional use, legal validity and corporate environments.

GDPR Article 32 requires that companies processing personal data implement appropriate technical security measures - including encryption. If you exchange personal data or confidential information by email (e.g. medical data, contracts, HR documents), S/MIME encryption fulfills this requirement for both external and internal communication.

Yes. Actalis offers free Class 1 S/MIME certificates valid for one year (renewable). These are fully compatible with eclipso Mail Europe. HARICA offers free certificates for academic institutions. For professional or legally binding use, a paid Class 2 certificate with identity validation is recommended.

After expiry you can no longer send signed or encrypted emails using that certificate. However, you can still decrypt previously received emails that were encrypted with it - as long as you securely retain the private key. Always create a PKCS#12 (.p12) backup before your certificate expires.

Secure. Signed. Professional.

eclipso Mail Europe supports S/MIME in all tariffs - including the free account. Import your certificate, configure defaults once, and communicate securely from your very first email.

Create free account All security features

Download Our Free App Now

Our app for iOS and Android includes the most important features and gives you mobile access to your emails, contacts, photos and files.

Download now for free from the Apple App Store or Google Play Store.

App Store Google Play
Download our free app now