I have often talked about the Possibility reportedto obtain free S/MIME certificates for signing and encrypting emails. There are now only a few providers that still offer free certificates. Some of the providers mentioned in the above articles either do not issue certificates at all or only issue certificates with a 90-day validity period. However, changing the S/MIME certificate every 90 days is often impractical, especially if you do not use a gateway for signing and encrypting/decrypting emails.
However, there is another provider that issues free S/MIME certificates with a term of one year: WISeID.
You can create a free account with WISeID using the following link:
Once the account has been created and your e-mail address has been confirmed, you can request a certificate in the account settings:
The certificates issued by WISeID are recognized as trustworthy by all common operating systems, browsers and e-mail clients. Here is the certificate chain of my S/MIME certificate from WISeID:
An additional nice feature of WISeID is that the certificate can also be used for authentication (e.g. for 2-factor authentication):
As already mentioned, the certificate is valid for 1 year. The private key is generated on the WISeID servers. However, I am not aware of any CA that issues free S/MIME certificates based on a CSR. So if you want a free S/MIME certificate, you will have to live with the fact that the private key is generated by the CA. Whether and to what extent WISeID is trusted must be decided by each individual (see note).
Note: The private key of the certificate should, as the name suggests, be private. The private key is used to decrypt emails. A CA that creates the private key for the user (and perhaps also stores it) would therefore be able to decrypt the e-mails encrypted by the sender using the recipient's private key.