Tips and Tricks: How to install an e-mail certificate

Today’s tip is about certificates. Not the kind we have thanks to the coronavirus pandemic, but these are important, too: e-mail certificates are a way for you to make your daily communication more secure. Installation is quick and easy.

Illustration: ETH Zurich
Illustration: ETH Zurich

It’s something you might have already noticed in e-mails from other members of the ETH community – a small seal next to the sender’s name:

This indicates an e-mail certificate. But do we even need such a thing?

What is an e-mail certificate?

Of course, there’s nothing stopping you sending e-mails without a certificate, but using one is a good idea. If the e-mail features a certificate, then you know the sender was verified – it’s like an official ID. That means, as the recipient, you can be sure that the e-mail was actually sent by the specified person and that no changes have been made to the content of the message, similar to a sealed letter. This makes the exchange of e-mails more secure, because certified e-mails play a major role in protecting against phishing and fraud e-mails.

Another advantage is that if both the sender and receiver have an e-mail certificate, and they’ve exchanged the public keys of their certificates, they can encrypt their e-mail traffic. The only way to read e-mails secured in this way is by using the private keys of the parties involved. If these private keys are stored securely, it’s practically impossible for unauthorised people to see the content of such e-mails.

How do I get a certificate?

ETH employees can create their e-mail certificate free of charge via the PKI Certificate Management Portal. If you don’t have the necessary permissions, please contact your organisation’s / department’s IT support group.

You can find instructions for how to install the certificate here. Please note: Accessing the website and installing the certificate is possible only within the ETH network or when working from home with a VPN connection.

Isn’t that very time-consuming and complicated?

Not at all. The instructions will help you order and install your certificate. We were able to complete the entire process in just seven minutes, so you can easily set the certificate up when you have a spare moment.

Can I also get certificates for group mailboxes?

Yes, there are also certificates for group mailboxes. However, to order one, you need to send a ticket to the service desk providing information on the “account”, “e-mail address” and “send-as authorisation group”. All members of the “send-as authorisation group” will then see this certificate in their personal PKI portal and can install it in the same way as for a personal certificate.

Your contribution to “Tips and Tricks”

Do you have anything to add to today’s tip? We’d be delighted to read your contribution in the comments column. And if you have any ideas for more tips, feel free to e-mail them to .

If you'd like to read some of our previous “Tips and Tricks” articles, you can find all of them here.

JavaScript has been disabled in your browser