Securing your ticket communication

Jens Bothe10. Dec 2013 | AdministrationBest PracticesConsulting


The practical examples presented in our technical blog ( and now in the expert category in our FAQ blog section serve as a source of ideas and documentation to show what is theoretically possible with OTRS in concrete scenarios or sometimes even for more exotic configurations. All configurations presented here were developed under laboratory conditions as a proof of concept. 

We can only guarantee testing and implementation of these concepts to be error-free and productive if implemented in a workshop with one of our OTRS consultants. Without this, the responsibility lies with the customer himself. Please note that configurations from older OTRS versions may not work in the newer ones.

The actual discussion on  possible unwanted readers of your mails shows the need to encrypt emails. OTRS has the possibility to sign and encrypt via S/MIME and PGP/GnuPG.

For enabling PGP only a few steps are needed. So this post shows how to setup PGP on your system.

Step 1 – Install GnPG

Step 2 – Create a key:

Enter the following command in your shell and follow the instructions

gpg --gen-key

Step 3 – Export Key:

gpg --export -a > public.asc
gpg --export-secret-key -a > private.asc

Step 4 – Activate PGP in sysconfig:


Step 5 – Upload Keys:

PGP_Key_Management_-_Admin_-_OTRSYou have to upload the public and the private key. Please ensure that you are using the Key ID of the secret key within Crypt::PGP for assigning the password! You also should be sure that the .gnupg directory was created and is assigned to the webserver user (thats why it is suggested to run the webserver with the OTRS user!) You can also have a look at the documentation for more hints.

Step 6 – Upload Customer Public Keys:

For encryption of emails to customers and verifying signatures OTRS needs the public key of your customer users stored. They can be uploaded via Customer Interface or the customer management screen in agent interface.

Preferences_-_OTRSStep 7 – Work with signed and encrypted mails

Now we can send and receive signed and encrypted mails

2013121056000081_-_Zoom_-_Ticket_-_OTRS-2Reply encrypted:

2013121056000081_-_Compose_-_Ticket_-_OTRS-4Verify changed mails:

2013121056000099_-_Zoom_-_Ticket_-_OTRS-2Happy ((encrypting))


Jens Bothe at 09.07.2020, 11:42

please check the admin manual or book an admin training

Raffael Reichelt at 15.04.2020, 07:08

I would like to se the s/mime configuration as well. See above in your blog post: "!OTRS has the possibility to sign and encrypt via S/MIME and PGP/GnuPG."

zmh at 30.11.2016, 05:10

Could you show the configuration of s/mime and usages? Thank in advance.

Jens at 16.10.2014, 16:44

Hi Peter, actually not. But I would be happy to discuss your needs and send you a ballpark for the needed development. Please send me a mail to with some description of the wanted feature.

Peter at 16.10.2014, 15:22

Is it possible to have 1) sign each outgoing mail signed by default (autoresponder also) 2) encrypt each outgoing mail if recipient's key is in the OTRS system already

Bernd Renzing at 24.07.2014, 14:18

Could you show the same with s/mime?

Your email address will not be published. Required fields are marked *