Posteo Help Help categories Article

How do I create an S/MIME certificate for my Posteo email address?

S/MIME is a globally-used standard for end-to-end email encryption. An S/MIME certificate also verifies the authenticity of an email address and the contents of an email.

For years, S/MIME certificates have been difficult to obtain for private users. We want to encourage the use of S/MIME and are therefore offering low-cost S/MIME certificates for your Posteo address(es) effective immediately (March 2024). These certificates can be acquired with ease. The S/MIME certificates are signed by an official certification authority (Certum) and are displayed as trustworthy in email clients. The S/MIME certificates have a validity of one year and cost 3.65 Euro.

In this help article, you will learn how to create an S/MIME certificate in the settings of your email account.

Contents

  1. Requirements
  2. How to create an S/MIME certificate
  3. Frequently asked questions

Requirements for using S/MIME to sign and encrypt emails

  • You use Posteo in a local email client (e.g. Thunderbird, Apple Mail, Outlook).
  • For signing emails, you need your own S/MIME certificate; For encrypting emails, your communication partners must also use S/MIME.

You can find guides for using S/MIME in email clients in our help section and in the related help articles further below.

How to create an S/MIME certificate

  1. Open your Posteo account Settings.
  2. Click on the menu item My S/MIME certificates.
  3. Click on the drop-down menu Select email address.
  4. Select the email address for which you would like to create an S/MIME certificate.
  5. Click on Continue.
  6. Tick the box next to Generated certificates can not be retracted. I will receive and use my certificate immediately and I acknowledge that my right of retraction is waived by doing so.
  7. Click on the button Order fee-based S/MIME certificate.

The certificate will now be generated locally in your browser. Afterwards, your browser will automatically download two files: The certificate generated in your browser and a text file with the installation password for the certificate. Keep both in a safe place.

That's it! You have created an S/MIME certificate for your email address. You can now add the certificate in an email client using the installation password.

Frequently asked questions

Can I acquire additional certificates?

Yes. For example, you can acquire additional certificates for aliases.

Does Posteo save my private key?

No. Posteo does not generate the certificate on the server side. Private keys are never available to Posteo and are not saved by Posteo. With true end-to-end encryption, providers never have the private keys of end users.

How do I obtain the S/MIME certificate for a communication partner to encrypt emails?

Once you have received an email that was signed with S/MIME, your email client automatically imports the included S/MIME certificate for your communication partner. You can then respond with an encrypted email if you have configured S/MIME in your email client.

Can I use S/MIME in Posteo webmail and in the Posteo web app?

A browser plug-in for Posteo webmail and the Posteo web app is currently in development.

Related help articles