Certum

What Is Certum?

No European certificate authority undercuts Certum on price without a meaningful trade-off in capabilities. That's a bold statement in a market where Let's Encrypt offers DV certificates for free — but Certum competes on the commercial tier, and within that tier, its pricing is structurally lower than every major Western CA.

Certum was established in 1998 in Szczecin, Poland, making it one of Europe's oldest active certificate authorities. It operates as part of Asseco Data Systems, itself a subsidiary of Asseco Poland — a publicly traded IT group listed on the Warsaw Stock Exchange with over 30,000 employees and operations across Europe. The financial backing is genuine; this is not a small operation.

The product range covers the full spectrum of commercial trust services: DV, OV, and EV SSL certificates, code signing at both standard and EV levels, S/MIME email certificates, qualified electronic signatures under eIDAS, and timestamping. Twenty-six years of operation have produced a track record in Central and Eastern European markets — Polish government institutions, financial services firms, and enterprises throughout the region have used Certum certificates for decades.

The eIDAS qualified trust service provider status is Certum's most significant regulatory credential. It places Certum in the same compliance tier as DigiCert, Sectigo, and Actalis for the purposes of EU qualified signatures. Price aside, the legal standing is equivalent.

Key Features

DV, OV, and EV SSL Certificates

Certum's SSL portfolio starts with DV certificates at prices that frequently fall below EUR 15/year for single domains — a fraction of DigiCert's equivalent pricing. OV certificates, which verify the legal identity of the organisation behind the domain, run around EUR 90-100/year. EV certificates, with the most rigorous identity validation, sit around EUR 200-250/year.

To put this in context: DigiCert's EV certificates often exceed EUR 600/year. Sectigo sits in the EUR 300-400 range. Certum's EUR 200-250 pricing for EV delivers the same browser trust level at roughly a third of the DigiCert cost.

Wildcard and multi-domain (SAN) certificates are available across all validation levels. Certificate validity runs up to two years for most products, consistent with CA/Browser Forum requirements.

Code Signing Certificates

This is where Certum's pricing advantage is most dramatic. EV code signing certificates — which provide the Windows SmartScreen reputation boost that eliminates "Unknown Publisher" warnings for software installers — are available from Certum at around EUR 69-80/year. Sectigo and DigiCert charge EUR 300-500 for equivalent products.

EV code signing from Certum ships with a hardware token (required for EV code signing storage under CA/Browser Forum rules) included in the price. The practical workflow is identical to any other EV code signing certificate: you sign your software on the hardware token, and Windows attributes the signature to your verified legal entity.

For independent software developers and small software vendors, Certum's EV code signing price point is often the difference between affordable and unaffordable.

Qualified Electronic Signatures

Under eIDAS, Certum's qualified certificates can be used to create legally binding electronic signatures across all EU member states. This isn't simply a marketing claim — Certum appears on the EU Trusted List maintained by the Polish Ministry of Digital Affairs, which is the official government register of qualified trust service providers.

Qualified signatures can be produced via a hardware smart card token issued by Certum, or via Certum's remote signing service for higher-volume workflows. The legal effect is the same: a qualified electronic signature is equivalent to a handwritten signature under EU law, fully enforceable in courts and regulatory proceedings across Europe.

S/MIME Email Certificates

Certum offers personal and professional S/MIME certificates for email signing and encryption. These integrate with major email clients — Outlook, Thunderbird, Apple Mail — and with enterprise email gateway infrastructure for bulk signing deployments.

The S/MIME pricing follows the same pattern as SSL: meaningfully cheaper than Sectigo or DigiCert, with equivalent browser and client trust. For organisations deploying signed email across a workforce, the cost difference scales linearly.

Timestamping Authority

Certum operates both regular and qualified timestamping services. Qualified timestamping is particularly important for organisations with long-term document archiving requirements — it provides cryptographic proof of document existence at a specific time, admissible in legal proceedings. Few CAs offer qualified TSA services; Certum's inclusion here reflects its depth in regulated EU trust services.

Pricing

Certum's pricing is its defining commercial characteristic. DV certificates from around EUR 14.99/year. OV certificates from around EUR 89/year. EV certificates from around EUR 199/year. EV code signing from around EUR 69/year.

Multi-year purchases extend validity (up to current CA/Browser Forum limits) and often carry additional discounts. Volume pricing exists but requires direct contact with Certum's sales team for structured quotes.

The management portal for purchasing and certificate issuance is functional but dated — it lacks the modern UX of DigiCert CertCentral or Sectigo's dashboard. The ordering workflow involves more manual steps than buyers accustomed to polished American CA portals will expect.

Annual billing is standard. There is no monthly billing option for most products. This means upfront payment for the certificate term, which is the norm across the industry.

EU Compliance & Privacy

Certum's compliance credentials are as strong as any European CA. WebTrust for CAs audit confirms adherence to the global certificate issuance standards maintained by the CA/Browser Forum. ETSI EN 319 411 compliance covers the European technical standards for CAs. eIDAS qualified trust service provider status places Certum on the EU Trusted List maintained by the Polish government.

All operations are conducted in Poland, an EU member state. Data does not leave the EU. Asseco, the parent company, is a publicly traded Polish entity — no US ownership, no CLOUD Act concerns, no cross-border data transfer complications.

For regulated EU procurement, Certum's EU Trusted List status is often the decisive criterion. Public sector buyers in EU member states frequently require suppliers to appear on a national trusted list, and Certum satisfies that requirement for Poland — and by mutual recognition, across all EU member states.

Who It's Best For

Independent software developers who need EV code signing for Windows software distribution without paying Sectigo or DigiCert prices. Certum's EV code signing is the most accessible price point from a reputable European CA.

SMEs in Central and Eastern Europe where budget sensitivity is real and Certum's local market presence provides familiar purchasing and support processes.

EU public sector and regulated sector procurement where EU Trusted List status is a supplier qualification requirement. Certum's eIDAS status satisfies this cleanly.

Legal and compliance teams deploying qualified electronic signatures across a workforce. The cost savings versus DigiCert's equivalent products compound significantly at scale.

The Verdict

Certum makes a compelling case for any organisation that needs commercial-grade SSL or code signing certificates and where cost is a genuine consideration. The technical trust level is equivalent to DigiCert and Sectigo; the eIDAS credentials are genuine; the EU operational footprint is clean. What Certum gives up is tooling sophistication — the management portal is dated, ACME automation is limited, and English-language support coverage is thinner than buyers of major American CAs will expect. For organisations willing to trade UX polish for significant cost savings and strong EU compliance standing, Certum is hard to argue against.

Frequently Asked Questions

Is Certum a trusted certificate authority?

Yes. Certum is a WebTrust-audited CA whose root certificates are embedded in all major browsers and operating systems. It is also an eIDAS-qualified trust service provider, appearing on the EU Trusted List maintained by the Polish Ministry of Digital Affairs. Qualified certificates from Certum carry full legal recognition across all EU member states.

Why is Certum significantly cheaper than DigiCert or Sectigo?

Certum is operated by Asseco Data Systems, a Polish IT company with significantly lower operating costs than US-headquartered CAs. It passes these savings to customers while maintaining equivalent technical and compliance standards. EV code signing, in particular, is a fraction of competitor pricing.

Does Certum support ACME for automatic SSL renewal?

Certum has limited ACME support, and automation tooling is less mature than Let's Encrypt or DigiCert. For most setups, certificate renewal requires manual steps through the customer portal. If automated renewal is critical, consider supplementing Certum with a free Let's Encrypt or Buypass Go SSL deployment.

How do Certum's qualified electronic signatures work?

Certum issues eIDAS-qualified certificates for electronic signatures, which carry the same legal weight as handwritten signatures under EU law. These are used for signing contracts, tax documents, and official filings across all EU member states. Signing is done via a hardware token issued by Certum, or via Certum's remote signing service for volume workflows.

Where is Certum data hosted?

All Certum operations and certificate data are processed in Poland, an EU member state. Certum is operated by Asseco Data Systems, a subsidiary of Asseco Poland, with all infrastructure Poland-based. No data leaves the EU.