Public and private keys present in the digital certificate are applied via an automated function that is built into standard email platforms; this is virtually transparent to users. Each certificate is issued with private keys that are used for electronically signing your emails and corresponding public keys that others can use to send you encrypted email communications. Once another email user has received a signed email from you, he or she can save your certificate and use the associated public keys to send you encrypted emails. This means that the data that is included in the messages cannot be viewed by anyone who does not have access to your corresponding certificate private keys which are required to unlock the message.

These certificates are compliant with the S/MIME (Secure/Multipurpose Internet Mail Extensions) standard for public key encryption and signing of MIME data.

Once your TrustID Secure Email Certificate is downloaded, it can be used with various browsers; however, you must use Internet Explorer® to retrieve your certificate. After installation of your certificate in Internet Explorer®, you can export it for import into other browsers, if desired.

IdenTrust currently supports Internet Explorer® versions 9, 10 and 11.

Your TrustID Secure Email Certificate can be configured on these Email Client applications:

  • Microsoft® Outlook and Outlook Express
  • Mozilla® Thunderbird
  • Lotus Notes® Email
  • Apple® Mail

To learn how to digitally sign or encrypt email messages on any of these Email Client applications, please follow the instructions in our Education Support Center for TrustID.

Yes, your TrustID Secure Email Certificate can be used to sign email communications. Be aware that when you sign with a Secure Email Certificate, the name that is displayed in the certificate will be your email address, not your name.

No, your TrustID Secure Email Certificate is only intended to verify the email address in the certificate, not the identity of the person using it. Alternate TrustID Certificates such as Personal or Business certificates can be used to secure emailed communications, as well as to digitally sign electronic documents.

TrustID Secure Email Certificate revocation can be initiated by:

  1. Sending a signed email message containing the reason for revocation and using the Private Key for which revocation is requested to: helpdesk@IdenTrust.com; or by
  2. Calling the IdenTrust Help Desk at 888.248.4447.

A backup will allow you to:

  1. Keep a copy of the certificate in case it needs to be reinstalled.
  2. Import your certificate to an alternate computer for use. This will allow you to use your certificate on multiple computers or a new computer avoiding the need to reapply for a new certificate.
  3. Store your certificate on a third-party device such as a USB flash drive or external hard drive in case of a hard drive or system failure.
  4. Import your certificate for use in alternate browsers.

Yes, these certificates are based on SHA-256. In 2002 SHA-256 became the new hashing standard to better protect encryption with a larger key-size (256 instead of 128) making it much more difficult to hack.