I have often talked about the Possibility reportedto obtain free S/MIME certificates for signing and encrypting emails. There are now only a few providers that still offer free certificates. Some of the providers mentioned in the above articles either do not issue certificates at all or only issue certificates with a 90-day validity period. However, changing the S/MIME certificate every 90 days is often impractical, especially if you do not use a gateway for signing and encrypting/decrypting emails.
However, there is another provider that issues free S/MIME certificates with a term of one year: WISeID.
You can create a free account with WISeID using the following link:
Once the account has been created and your e-mail address has been confirmed, you can request a certificate in the account settings:
The certificates issued by WISeID are recognized as trustworthy by all common operating systems, browsers and e-mail clients. Here is the certificate chain of my S/MIME certificate from WISeID:
An additional nice feature of WISeID is that the certificate can also be used for authentication (e.g. for 2-factor authentication):
As already mentioned, the certificate is valid for 1 year. The private key is generated on the WISeID servers. However, I am not aware of any CA that issues free S/MIME certificates based on a CSR. So if you want a free S/MIME certificate, you will have to live with the fact that the private key is generated by the CA. Whether and to what extent WISeID is trusted must be decided by each individual (see note).
Note: The private key of the certificate should, as the name suggests, be private. The private key is used to decrypt emails. A CA that creates the private key for the user (and perhaps also stores it) would therefore be able to decrypt the e-mails encrypted by the sender using the recipient's private key.
Mit WISeID Basic gibt es bei mir folgendes Problem:
1. Die auf meinem GoogleMail Konto empfangene Test E-Mail wird als nicht vertrauenswürdig eingestuft mit der Fehlermeldung:
Die Signatur verwendet einen nicht unterstützten Algorithmus. Die digitale Signatur ist ungültig.
2. Wird im Kundenkonto von WISeID unter „Digital Certificates“ folgendes angezeigt:
OU=Person’s Identity not Verified – WISeID Basic Certificates
Hat da jemand eine Idee?
Im Endeffekt das gleiche Übel wie bei DGN. Auf WISeID habe ich meine Identität mittels Personalausweis bestätigt und wurde akzeptiert. Mein Trust-Level liegt bei 70%.
Leider ist die Gültigkeit der ausgestellten Zertifikate inzwischen auch auf 90 Tage begrenzt…
Wird jemand aus der aktuellen Mail von der Firma schlau?
Zitat:
Dear WISeID User,
We are contacting you as user of our free digital certificates.
Due to a change in the configuration of our systems, we will be cancelling a number of digital certificates this Thursday 9th of July. If you want to keep using this complimentary service, you are required to visit WISeID.COM and get a new certificate. This can be done from our mobile Apps (My WISeID App) if desired.
If you used this certificate for securing emails, the replacement will not affect to the messages already sent with it, but you won’t be able to use it after it’s cancelled this We apologise for the inconveniences.
Best regards,
WISeID Team
Tja „kostenlos“ hat halt immer einen Haken. Man/frau weiß nie wie das Kostenlos kostentechnisch firmenintern abgebildet wird – im schlimmsten Fall werden die Kundendaten verkauft und man hat keinen Einfluss drauf.
Kaum eine profiorientierte Firma macht kostenlos wirklich kostenlos.
Schön wäre, wenn LetsEnCrypt die Bereitstellung für Smime Zertifikate ermöglichen / dazu erweitert wird.