New industry requirements for public Secure Email (SMIME) certificates

New upcoming, mandatory change to the issuance of publicly trusted S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates will be implemented end-August 2023. This change is driven by the CA/Browser Forum (CABF) and aims to enhance email communication's security and trustworthiness.

Sectigo and Digicert are an active members and contributors of the CABF and are required to adopt and comply with these new standards and follows all CABF requirements for theirs public certificates.

What is changing?

The CABF, a consortium of certification authorities and web browsers, has recently drafted and approved the Baseline Requirements for the issuance of Publicly Trusted S/MIME certificates to reinforce the security of email encryption and digital signatures, effective September 1, 2023. These changes will ensure strong encryption algorithms, secure key lengths, and reliable certificate validation procedures.

Key dates

CABF has a strict requirement for following the new S/MIME Baseline Requirements starting September 1. Therefore, to comply with CABF requirement,

Sectigo and Digicert will stop issuing and re-issuing existing SMIME certificates from August 28, 2023.

If you have S/MIME certificate renewals, reissues, or new orders scheduled for the end of August and the month of September, do these certificate-related activities early—before August 28. That way, your S/MIME certificate issuance will remain the same, eliminating potential surprises from the modifications to certificate profiles and the validation process. Certificates issued before August 28, 2023, can still contain the organization unit information and email-validated addresses, as needed.