S/MIME Encryption
Setting up S/MIME in the mailbox Guard
S/MIME enables the encryption and signing of emails using certificates issued by trusted organizations, so-called Certificate Authorities. Signing allows the recipient to verify whether the emails truly originate from the respective sender. Encryption ensures that the content of the message is protected against unauthorized access or reading.
mailbox offers the option to import S/MIME certificates from selected organizations into the mailbox Guard. This allows you to encrypt and sign your emails with S/MIME.
Please note that you need a separate certificate for each email address (i.e., also for aliases, subdomain addresses, or mail extensions). The mailbox Guard only accepts certificates in PKCS12 format, that is, files with the extension .p12
or .pfx
.
Requirements
- A valid S/MIME certificate in PKCS#12 format (
.p12
or.pfx
) - An activated mailbox Guard service in the mailbox account
- One separate certificate per email address, alias, or subdomain
Tip: Not all certificate providers are equally compatible with mailbox. In the forum, users particularly recommend Sectigo, while some issues have been reported with D-Trust.
Step-by-step guide to setting up S/MIME in mailbox
1. Activate Guard
- Log in to your mailbox account.
- Navigate to: All settings | mailbox Guard | Start and configure mailbox Guard
- Activate the Guard service.
Note: The Guard only works via the web interface and not with email clients such as Outlook or Thunderbird.
Figure 1: Guard default settings.
2. Activate S/MIME in Guard
- Stay in the mailbox Guard section.
- Go to the menu item: S/MIME.
- Tick the box Activate S/MIME
Figure 2: Encryption via S/MIME.
3. Upload certificate
- Click on Upload private certificate.
- Upload your
.p12
or.pfx
certificate. - Enter the original password of the certificate.
- Set a new Guard-specific password.
Tip: This password will later be required for every decryption. Therefore, choose one that is secure but memorable.
Usage after successful setup
All emails you send via the web interface can now be automatically signed and encrypted – provided you have the recipient’s certificate. You can also make your own certificate public so that others can send you encrypted emails.
You have now successfully integrated your S/MIME certificate into the mailbox Guard.
Compatible S/MIME certificates
As mentioned in the introduction of this article, forum users particularly recommend S/MIME certificates from Sectigo.