Zammad supports S/MIME for high-security email communication.
🤔 Huh? I don’t see “Sign” or “Encrypt” options in the ticket view…
This feature is optional; if you don’t see it in the ticket composer, that means your administrator hasn’t enabled it yet. Administrators can learn more here.
What is S/MIME?¶
S/MIME is the most widely-supported method for secure email communication. With S/MIME, you can exchange signed and encrypted messages with others.
is proof that a message hasn’t been tampered with or sent by an impersonator.
In other words, it guarantees a message’s integrity and authenticity.
scrambles a message so that it can only be unscrambled by the intended recipient.
In other words, it guarantees privacy and data security.
🤝 S/MIME only works if the other party is using it, too.
Your administrator is responsible for adding all the necessary certificates in Zammad’s admin panel.
The 🔒 and ✅ icons at the top of a message indicate its S/MIME status.
This message was encrypted for you.
Even if it was intercepted by a third party (hacker, gov’t agency, etc.), they won’t be able to read it.
This message is not encrypted.
This message’s signature has been successfully verified.
You can be confident that it’s authentic and that the contents have not been modified.
This message is not signed.
Use the 🔒 Encrypt and ✅ Sign buttons to turn on encryption and signing for outgoing emails.
Outgoing emails can only be encrypted for a single recipient.
This message will be encrypted.
Even if it’s intercepted by a third party (hacker, gov’t agency, etc.), they won’t be able to read it.
This message will not be encrypted.
This message will be signed.
Recipients using S/MIME can verify that it came from you and that the contents have not been modified.
This message will not be signed.
- “Sign: Unable to find certificate for validation”
Without the sender’s certificate, Zammad cannot verify the message signature.
Ask your administrator to add the sender’s certificate to Zammad’s certificate store.
🕵️ ALWAYS verify certificates in-person or over the phone!
The whole point of signature verification is to alert you when someone is trying to pretend to be someone they’re not. Never accept a certificate from someone online without verifying it first.
- “Encryption: Unable to find private key to decrypt”
This message was encrypted with a certificate that does not match any on file. Without a matching private key, Zammad cannot decrypt the message.
Ask your administrator to verify your organization’s private key in Zammad’s certificate store, and ask the sender to double-check the public key they used to encrypt the message.
📢 Your public key can be safely shared with anyone.
(But if they’re smart, they’ll take extra precautions to make sure it really belongs to you.)
- The 🔒 Encrypt button is disabled
Ask your administrator to add the recipient’s certificate to Zammad’s certificate store.
- The ✅ Sign button is disabled
Ask your administrator to verify your organization’s private key in Zammad’s certificate store.