Franky's Web

Tip: Free S/MIME certificate

Update 25.02.2019: There is a new article here, as this article is no longer valid.

Update 29.01.2019: See note/update at the end of the article. DGNcert is not stored as a trusted certification authority in Windows as I claimed. Therefore, please read the update at the end of the article first and then the comments.

Comodo used to be a reliable provider of free S/MIME certificates for email signing and encryption. Comodo then became Sectigo and no longer offers free S/MIME certificates:

I have been using an S/MIME certificate from Comodo, but this is about to expire. I therefore looked around for a new provider for free S/MIME certificates. I found what I was looking for at DGNcert:

The DGN offers free S/MIME certificates, which are issued just as easily as the old Comodo certificates. Here is a self-experiment to request a free S/MIME certificate from the DGN:

Of course, a few personal details must be provided, which then appear on the certificate.

The cell phone number is required to send the password for the private key. This means that the private key is generated on the DGN servers. It is therefore not possible to trace what happens to the generated private key. If it were assumed that DGN stores the generated private key, the provider would be able to decrypt encrypted emails:

The S/MIME certificate request is completed quickly after entering the data:

In my case, a corresponding e-mail landed in my mailbox a short time later:

After clicking on the confirmation link, I received the password directly by SMS and was able to request the certificate:

The DGN now generates the public and private key and offers both for download a short time later:

I was then able to download the certificate directly as a P12 file. The password was sent to me directly by SMS. This is what the generated certificate looks like:

It was issued by the SubCA "dgnservice CA 2 Type E:PN", which was signed by the RootCA "dgnservice Root 7:PN":

Both CAs are already in the Windows certificate store and are recognized as trustworthy. Here is the certificate of the intermediate CA:

And here is the certificate of the root certification authority (root CA):

For individual S/MIME certificates, the DGN certificates are therefore a good free replacement for the Comodo certificates.

Update 29.01.2019: Thanks to the comments, it has come to my attention that I have made a false statement here.

DGNcert is by no means included as a trusted certification authority in Windows. The certificates of the CA are added during the creation of the S/MIME certificate. This means that an S/MIME certificate is valid on your own computer, but not for the recipient.

Although you can obtain a free S/MIME certificate from DGNcert, this may be just as trustworthy from the recipient's point of view as a self-created S/MIME certificate (in principle not at all). Although signed and encrypted emails can be exchanged, the recipient will receive a warning.
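The effect described in this update can be reproduced with the `openssl` command line. The script below is an added example, not part of the original article: it builds a constructed root CA, sub CA and end-entity certificate, bundles them in a P12 file, and shows that the certificate verifies only against a trust store that already contains the root. All names, subjects and the password are made up, and OpenSSL 1.1.0 or later is assumed.

```shell
#!/usr/bin/env bash
# Added example: every name, subject and password below is constructed.
set -eu
PW=demo-pass   # stands in for the P12 password the provider sends by SMS

# Build a throwaway root CA, sub CA and end-entity cert, bundle them in one
# PKCS#12 file like a provider download, and make an unrelated second root.
make_demo_p12() {
  local d=$1 n
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ca' '[dn]' \
    '[ca]' 'basicConstraints=critical,CA:TRUE' > "$d/ca.cnf"
  for n in root other; do   # two self-signed roots
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
      -subj "/CN=Demo $n CA" -keyout "$d/$n.key" -out "$d/$n.pem" 2>/dev/null
  done
  for n in sub leaf; do     # keys and CSRs for the sub CA and the user
    openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
      -subj "/CN=Demo $n" -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
  done
  openssl x509 -req -in "$d/sub.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.cnf" -extensions ca \
    -out "$d/sub.pem" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/sub.pem" -CAkey "$d/sub.key" \
    -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
  cat "$d/sub.pem" "$d/root.pem" > "$d/chain.pem"
  openssl pkcs12 -export -inkey "$d/leaf.key" -in "$d/leaf.pem" \
    -certfile "$d/chain.pem" -passout "pass:$PW" -out "$d/demo.p12" 2>/dev/null
}

# Succeeds only if the P12's end-entity cert chains to a root in PEM file $2.
# CA certs shipped inside the P12 go in as -untrusted: they can complete the
# path but are never trust anchors, which is the recipient's situation.
leaf_trusted_by() {
  local p12=$1 store=$2 t; t=$(mktemp -d)
  openssl pkcs12 -in "$p12" -passin "pass:$PW" -clcerts -nokeys \
    -out "$t/leaf.pem" 2>/dev/null
  openssl pkcs12 -in "$p12" -passin "pass:$PW" -cacerts -nokeys \
    -out "$t/bundled.pem" 2>/dev/null
  openssl verify -no-CApath -CAfile "$store" -untrusted "$t/bundled.pem" \
    "$t/leaf.pem" >/dev/null 2>&1
}

work=$(mktemp -d); make_demo_p12 "$work"
# root.pem: store after the import added the CA; other.pem: a recipient's store
for store in root other; do
  if leaf_trusted_by "$work/demo.p12" "$work/$store.pem"
  then echo "$store store: chain verifies"
  else echo "$store store: chain ends in an untrusted root"; fi
done
```

Running the same check on a downloaded P12 before importing it, with the platform's exported root store as the second argument, shows whether recipients will be able to validate the signature.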

The better way is to request a free S/MIME certificate from Comodo, which is still available.

I apologize for this mistake and promise to do better in the future. Thank you for your comments, without which I probably wouldn't have noticed my mistake!

Update 19.02.2019: Unfortunately, the new owner of the Comodo CA (Sectigo) no longer offers free S/MIME certificates. I will have a look to see if there is an alternative provider.

Update 25.02.2019: There is a new article here, as this article is no longer valid.
