PSA: Sectigo (formally Comodo CA) Free S/MIME Certificates

Chewy509

Wotty wot wot.
Joined
Nov 8, 2006
Messages
3,030
Location
Gold Coast Hinterland, Australia
Hi guys,

Just a short PSA re the free email (s/mime) X509 Certificates that Sectigo (formally known as Comodo CA**) are now only 1 month, and not 12 months in duration.

For the last 7-8 years, I've been using Comodo CA's issued certificates for message integrity and encryption. (Comodo CA, along with a number of other CA's all provided free X509 Certificates for S/MIME for a number of years).

On renewing this month, have found that the new issued Certificate only has a 1 month duration instead of 12 months, and if you want 12 months, you now need to pay. (US$48 per year, multi-year discounts available). Note: Sectigo's Sales Team all ensure me that they still offer 12 months free, despite evidence otherwise.

I've done a quick search, and unfortunately those providers that used to offer free certificates for email, either no longer do, or have been purchased by Sectigo. A number of providers that still claim to offer free certificates were simply Comodo CA resellers and therefore whilst claim to offer a 12 month duration, direct you to the central Comodo CA site and only give you a 1 month certificate.

Therefore, it appears that free certificates for S/MIME are no longer available from the main CA's that most OS's and email client software trust. (Some smaller CA's still offer free certificates for email, but none are pre-trusted by OS or email client software, which is no better than using a self-signed certificate).

Whilst I'm more than capable of creating self-signed X509 Certificate for this purpose***, email client software will show the email as untrusted, as the software doesn't trust the signer or the certificate...

I guess I'll be looking more closely at an OpenPGP based solution moving forward... (In case you're wondering why I used S/MIME over OpenPGP, well S/MIME support is available in just about all email client natively, vs OpenPGP which requires additional software installation and knowledge).

** Comodo CA, rebranded as 'Sectigo' in late Nov 2018.
*** One of my recent programming projects: https://halimede.sourceforge.io/
 
Top