What is S/MIME?
S/MIME stands for Secure / Multipurpose Internet Mail Extensions. With S/MIME, you can exchange signed and encrypted messages with others. But why should you do that?
-
Signing
is proof that a message hasn’t been tampered with and wasn't by an impersonator. In other words, it guarantees a message’s integrity and authenticity. -
Encryption
scrambles a message so that it can only be unscrambled by the intended recipient. In other words, it guarantees privacy and data security.
You can activate S/MIME in Zammad as well so that all your communication through Zammad is secure.
Prerequisites
You need two things in order to activate S/MIME in Zammad:
-
A certificate and private key for your own organization
(Use this to sign outgoing messages and decrypt incoming messages.) -
Certificates belonging to your contacts, or their issuing certificate authority (CA)
(Use these to verify incoming message signatures and encrypt outgoing messages.)
Where can I get a certificate?
The easiest way to get certificates is to buy an annual subscription through a commercial CA, such as:
- Sectigo (formerly Comodo)
- GlobalSign
Zammad is not affiliated with these CAs in any way.
You can also generate your own self-signed certificates, but the process is complicated and usually involves extra work for your contacts. Bear in mind that S/MIME only works if the other party is using it, too.
You can easily see the status of each message based on the corresponding icon:
Setting up S/MIME in Zammad
By default, S/MIME is disabled in Zammad. Enable it to complete the setup.
Next, you can start adding certificates and private keys and define the settings for the default behavior.
Once you're done, all your messages can be encrypted and signed!
Don't worry - this may sound a bit tricky now but it's actually quite straightforward. Check our Admin documentation for a step-by-step guide.