New requirements for S/MIME certificates from June 2025

(April 9th, 2025) New requirements for issuing S/MIME certificates, which are used for secure email communication—particularly for signing and encrypting emails or documents, will come into effect on June 1st, 2025. These changes stem from a new standard by the CA/Browser Forum and apply to all trusted certification authorities, including DigiCert.

Newly introduced are three different certificate profiles (Multipurpose, Strict, and Legacy), which determine what information can be included in the certificate and for what purposes the certificate can be used. In practice, this means, for example, that some optional information will no longer be able to be included in the certificate. The first name and surname (or nickname) must be included in the certificate—they are a mandatory part of the certificate and will no longer be optional.

However, our customers do not need to worry. We will automatically select the certificate profile that is most suitable for their needs and will still allow them to sign emails and documents without any restriction.

The practical impact of the change is only that the maximum validity period of the certificate will be shortened to two years. Your existing S/MIME certificates issued under the old (Legacy) profile are not affected by the new requirements. You can continue to use them until they expire.

If you have any questions, do not hesitate to contact us—we will be happy to explain everything and assist you with choosing a certificate.

More information can be found in the article New Certificate Profile Requirements for Public Secure Email (S/MIME) Certificates 2025 on the DigiCert website.