S/MIME Comparison

SectigoSectigoEntrustEntrustGlobalSignGlobalSignDigicertDigicert
PublicPrivatePublicPrivatePublicPrivatePublicPrivate
Digital signature trusted by email apps automaticallyYYYY
Digital signature trusted by email apps requires root cert import YYYY
Dual use and individual use digital signature & encryption key YYYYYY
Harvest existing Microsoft CA issued certs and reissue replacement from Cloud CA YY
Separate digital signature & encryption key, non-repudiation of digital signature YYYY
Encryption key archival with self-service web portal enrollment. In the event encryption key destroyed, can recover to decrypt existing emails YYYY
Encryption key archival with all enrollment methods 1Q191Q19YY
Encryption key history provided to mail app, to be able to decrypt emails using an older key 1Q191Q19YY
Automatic certificate enrollment for Windows outlook YYYYYY
Enrollment to MDM email applications using SCEP for auth & signing Intune, AirWatch, Blackberry, Mobile Iron, IBM, Citrix YYYYYY
Automatic certificate enrollment for Apple Mail on iOS & optionally automatically provision email account in apple mail with SMIME configured. 1Q191Q19
Automatic certificate enrollment for Samsung Mail & optionally automatically provision email account in Samsung mail with SMIME configured. 1Q191Q19
Automatic certificate enrollment for Nine Mail TBDTBDY
Automatic certificate enrollment for Ciphermail TBDTBD
Automatic encryption certificate enrollment for Airwatch Boxer mail In ProgressIn ProgressYY
Automatic encryption certificate enrollment for Blackberry Work mail In ProgressIn ProgressYY
Automatic encryption certificate enrollment for Mobile Iron mail In ProgressIn ProgressYY
Automatic encryption certificate enrollment for Citrix mail TBDTBDYY
Automatic certificate provisioning to Microsoft GAL, recipient using Exchange ActiveSync can automatically find recipient with no user involvement 1Q191Q19YY
Certificate enrollment for users via browser interface (often for external users) YYYY
Automatic configure Windows Outlook to use encryption & sign certificate(s) 1Q191Q19YY
API which allows secure email gateway to obtain encryption and sign key, to allow for content scanning of encrypted emails 1Q191Q19
Utility for company Admin to recover employee encryption key in the event employee has left company Y for self service 1Q19 for otherY for self service 1Q19 for otherProSvcs
Optionally host directory for certificates issued, to allow for sender’s in community to send emails to the enterprise. On requestOn request
Encryption key archive optionally located at customer premise Planned for 2019Planned for 2019Y