Zammad supports S/MIME for high-security email communication.
🤔 Huh? I don’t see “Sign” or “Encrypt” options in the ticket view…
This feature is optional; if you don’t see it in the ticket composer, that means your administrator hasn’t enabled it yet. Administrators can learn more here.
What is S/MIME?¶
S/MIME is the most widely-supported method for secure email communication. With S/MIME, you can exchange signed and encrypted messages with others.
is proof that a message hasn’t been tampered with or sent by an impersonator.
In other words, it guarantees a message’s integrity and authenticity.
scrambles a message so that it can only be unscrambled by the intended recipient.
In other words, it guarantees privacy and data security.
🤝 S/MIME only works if the other party is using it, too.
Your administrator is responsible for adding all the necessary certificates in Zammad’s admin panel.
The 🔒 and ✅ icons at the top of a message indicate its S/MIME status.
This message was encrypted for you.
Even if it was intercepted by a third party (hacker, gov’t agency, etc.), they won’t be able to read it.
|This message is not encrypted.|
This message’s signature has been successfully verified.
You can be confident that it’s authentic and that the contents have not been modified.
|This message is not signed.|
Use the 🔒 Encrypt and ✅ Sign buttons to turn on encryption and signing for outgoing emails.
Outgoing emails can only be encrypted for a single recipient.
This message will be encrypted.
Even if it’s intercepted by a third party (hacker, gov’t agency, etc.), they won’t be able to read it.
|This message will not be encrypted.|
This message will be signed.
Recipients using S/MIME can verify that it came from you and that the contents have not been modified.
|This message will not be signed.|
- “Sign: Unable to find certificate for validation”
Without the sender’s certificate, Zammad cannot verify the message signature.
Ask your administrator to add the sender’s certificate to Zammad’s certificate store.
🕵️ ALWAYS verify certificates in-person or over the phone!
The whole point of signature verification is to alert you when someone is trying to pretend to be someone they’re not. Never accept a certificate from someone online without verifying it first.
- “Encryption: Unable to find private key to decrypt”
This message was encrypted with a certificate that does not match any on file. Without a matching private key, Zammad cannot decrypt the message.
Ask your administrator to verify your organization’s private key in Zammad’s certificate store, and ask the sender to double-check the public key they used to encrypt the message.
📢 Your public key can be safely shared with anyone.
(But if they’re smart, they’ll take extra precautions to make sure it really belongs to you.)
- The 🔒 Encrypt button is disabled
- Ask your administrator to add the recipient’s certificate to Zammad’s certificate store.
- The ✅ Sign button is disabled
- Ask your administrator to verify your organization’s private key in Zammad’s certificate store.