To reduce the cost of purchasing client devices and corresponding service charges, an enterprise may allow employees to utilize personal client devices under a “bring your own device” (BYOD) policy to access enterprise resources, such as electronic mail, contacts, calendar data, virtual private network (VPNs). Within the enterprise setting, client device administrators configure client devices to gain access to such resources, thereby allowing employees to remain highly productive regardless of whether the employees are on premises at the enterprise facility. Controlling email access is critical to ensure that email resources can only be accessed by authorized parties. Information technology (IT) administrators utilize access credentials to control which client devices can access email resources. Encryption protocols can be employed to ensure that the content in email messages remain secure. For example, Secure/Multipurpose Internet Mail Extensions (S/MIME) is a standard for encrypting the content of email messages, where a public key/private key methodology is employed. For configurations involving the use of S/MIME, email certificates are many times stored in an enterprise certificate server that incorporates a directory service such as MICROSOFT Active Directory.