Hosted S/MIME now supports advanced controls for Root Certificate Authorities (CAs)

Gmail’s Hosted S/MIME solution currently requires certificates to be from certain trusted root Certificate Authorities (CAs) that meet very specific guidelines. A popular request from our enterprise customers, however, has been the ability to upload, from within the Admin console, additional root certificates that you want Hosted S/MIME to trust. Today we’re making this possible for Gmail administrators using Hosted S/MIME.

Accepting additional Root Certificates

Google has a set of requirements for acceptable S/MIME encrypted messages, which follow strict security guidelines; however, you may have noticed that recipients who don’t meet these requirements appear as not “trusted” and can’t be sent those messages. Once this new Admin console control is available, you will be able to upload additional root certificates so that the email you want Gmail servers to trust is designated as such for your users. For details on how to get started, see our Help Center article.

Please note: While accepting additional root certificates will remove the ‘not trusted’ indicator in Gmail, we recommend evaluating current certificate best practices as outlined here.

Launch Details
Release track:
Launching to both Rapid Release and Scheduled Release

Available for G Suite Enterprise customers only

Rollout pace:
Full rollout (1–3 days for feature visibility)

Admins only

Admin action suggested/FYI

More Information
Help Center: Enable hosted S/MIME for enhanced message security
Help Center: S/MIME certificate profile requirements
Help Center: CA certificates trusted by Gmail for S/MIME
