Update planned with respect to latest S/MIME CA/Browser forum guidelines for S/MIME

Reason for the Change

In accordance with the most recent CA/B Forum guidelines, starting from July 15th, 2025, Certificate Authorities (CAs) are prohibited from issuing any outdated versions of S/MIME Certificates. Consequently, we will transition to supporting the multipurpose generation of certificates.

Please note that the maximum validity permitted for multipurpose generation is 825 days. Consequently, the availability of a 3-year license will cease in the future.

What's Changing?

We will discontinue support for legacy certificates as of May 26th, 2025.

To support multipurpose, the Subject Distinguished Name (DN) must include either the givenName and surname or pseudonym.

We are aiming to introduce these new fields starting from December 9th, 2024. While these fields will be mandatory for APIs from May 26th, 2025, they will become mandatory for the User Interface from December 9th, 2024.

Furthermore, the validity of certificates will be limited to 2 years for all issued and reissued certificates starting from January 27th, 2025.

Please refer to the Summary of Changes provided below for more details:

Please note that in the multipurpose type, in case of Enterprise PKI for S/MIME and Personal Digital ID, the common name can only include a personal name (given name + surname) or pseudonym or an email address. For Personal Sign 2 Pro, Pseudonyms are not supported so common name can only include a personal name (given name + surname) or an email address.

What action needs to be taken?

We request you to start using these fields from their effective dates as indicated and make any necessary changes to your systems well in advance with respect to supporting these fields.

There will be no impact on your current issued certificates, and they will continue to work until their validity date.