SecuMail-Blog

  1. Home
  2. Uncategorized
  3. S/MIME: User vs. Domain Certificates

S/MIME: User vs. Domain Certificates

10. November 2020
By

What is the difference between user and domain certificates in S/MIME encryption? What do cloud-based email solutions do?

If you want to sign or encrypt e-mails, you need cryptographic keys. Usually, a key is generated and managed for each person (e-mail address). However, there is also the option of using only a single key for all users.

In some industries, various encryption methods based on S/MIME are used by the communication partners.

Since there are always questions here, we want to compare the following solutions:

  • User certificate: Individual certificates on all e-mail devices
  • Domain certificate: Central installation on the company mail server
  • SecuMail Encryption: Cloud Service for Email Security

 

‘ keys

Key

User Certificate

(on the device)

Domain Certificate

(on your email server)

SecuMail Encryption

(Cloud Service)
Key management, individual per user X X
Key management, only one key per email domain X
Key recognizable as trusted (CA-signed) X X
Key signed by yourself (not verifiable) X
Key manual manual automatic
Management of communication partners manual, individual manual automatic
Automatic renewal of certificates X
Applications User Certificate Domain Certificate SecuMail Encryption
Usable for encryption X X X
Usable for signing X X
Identity / organizational affiliation visible to recipients X X
Email archive searchable/exportable X
Installation / Setup
 User Certificate Domain Certificate SecuMail Encryption
No change / configuration on the client (e.g. Outlook, mobile device) X X
No changes to the mail server / firewall X X
no customization of ERP, CRM or otherwise. Do you need applications that use e-mail?
X
Mobile devices can be used Administration effort
 X
No change to mail routing (MX) X X
How often are changesnecessary? per device

per
Communication-
partner

 One-time setup by service provider

 

These are the differences between user and domain certificates in S/MIME encryption and the classification of our cloud service SecuMail Encryption, which we have implemented with our partners SEPPmail and SwissSign .

We will be happy to advise you on which variant makes sense for you and fits the requirements of your communication partners.

 

 

Tags:
GDPR Cookie Consent with Real Cookie Banner