Securing your ticket communication

Jens Bothe, 10. Dec 2013 | AdministrationBest PracticesConsulting

The actual discussion on  possible unwanted readers of your mails shows the need to encrypt emails. OTRS has the possibility to sign and encrypt via S/MIME and PGP/GnuPG.

For enabling PGP only a few steps are needed. So this post shows how to setup PGP on your system.

Step 1 – Install GnPG

Step 2 – Create a key:

Enter the following command in your shell and follow the instructions

gpg --gen-key

Step 3 – Export Key:

gpg --export -a > public.asc
gpg --export-secret-key -a > private.asc

Step 4 – Activate PGP in sysconfig:


Step 5 – Upload Keys:

PGP_Key_Management_-_Admin_-_OTRSYou have to upload the public and the private key. Please ensure that you are using the Key ID of the secret key within Crypt::PGP for assigning the password! You also should be sure that the .gnupg directory was created and is assigned to the webserver user (thats why it is suggested to run the webserver with the OTRS user!) You can also have a look at the documentation for more hints.

Step 6 – Upload Customer Public Keys:

For encryption of emails to customers and verifying signatures OTRS needs the public key of your customer users stored. They can be uploaded via Customer Interface or the customer management screen in agent interface.

Preferences_-_OTRSStep 7 – Work with signed and encrypted mails

Now we can send and receive signed and encrypted mails

2013121056000081_-_Zoom_-_Ticket_-_OTRS-2Reply encrypted:

2013121056000081_-_Compose_-_Ticket_-_OTRS-4Verify changed mails:

2013121056000099_-_Zoom_-_Ticket_-_OTRS-2Happy ((encrypting))


zmh at 30.11.2016, 05:10

Could you show the configuration of s/mime and usages? Thank in advance.

Jens at 16.10.2014, 16:44

Hi Peter, actually not. But I would be happy to discuss your needs and send you a ballpark for the needed development. Please send me a mail to with some description of the wanted feature.

Peter at 16.10.2014, 15:22

Is it possible to have 1) sign each outgoing mail signed by default (autoresponder also) 2) encrypt each outgoing mail if recipient's key is in the OTRS system already

Bernd Renzing at 24.07.2014, 14:18

Could you show the same with s/mime?

Your email address will not be published. Required fields are marked *

This site uses cookies. By continuing to use the site, you agree to the use of cookies. More information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.