# # Kerio Connect won't start after updating SSL certificate
APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Kerio Connect won't start after updating SSL certificate

I've removed advertising from most of this site and will eventually clean up the few pages where it remains.

While not terribly expensive to maintain, this does cost me something. If I don't get enough donations to cover that expense, I will be shutting the site down in early 2020.

If you found something useful today, please consider a small donation.



Some material is very old and may be incorrect today

© May 2019 Anthony Lawrence

Usually adding or updating Kerio Connect SSL certificates is easy. You just follow the directions at "Configuring SSL certificates in Kerio Control" and it's done.

Unfotunately, sometimes things aren't that easy. Certificates can be incorrect or damaged and although it is rare, it is possible that Kerio Connect cannot restart because of a bad certificate. The fix is quick and easy: drag everything out of the mailserver/sslcert directory and restart again. Connect will create a self signed certificate atomatically.

Now you just need to figure out why you had a problem.

One issue might be that your certificate needs to match your server's private key. You can check the files you dragged out using the "openssl" command.

 openssl x509 -modulus -noout -in server.crt
 openssl rsa -modulus -noout -in server.key
 

Those will spit out long strings of numbers that need to match:

Checking certs with openssl

If you have a crt that does not match its key, do NOT make it the Active certificate!

Intermediate certificates such as those provided by GoDaddy can also cause problems. The link I gave in the first paragraph explains how to configure using them, but a different procedure is offered at How do I re-issue my SSL certificate?. Kerio support recently told me that they think the first method is the most recommended, but I've had to use the other in some cases. The difference is whether you add the "bundle" cert to server.crt or put the bundle is the "sslca" directory. If the first doesn't work. try the other.


If you found something useful today, please consider a small donation.



Got something to add? Send me email.





(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

->
-> Kerio Connect won't start after updating SSL certificate


Inexpensive and informative Apple related e-books:

Digital Sharing Crash Course

Take Control of Pages

Are Your Bits Flipped?

Take Control of Automating Your Mac

Take Control of iCloud, Fifth Edition





More Articles by © Anthony Lawrence





Printer Friendly Version

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us


Printer Friendly Version





Anyone even peripherally involved with computers agrees that object-oriented programming (OOP) is the wave of the future. Maybe one in 50 of them has actually tried to use OOP – which has a lot to do with its popularity (Steve Steinberg)




Linux posts

Troubleshooting posts


This post tagged:

Kerio Connect

Kerio

Kerio Info

Kerio Pricing

Kerio RSS Feed

Mail

Troubleshooting



Unix/Linux Consultants

Skills Tests

Unix/Linux Book Reviews

My Unix/Linux Troubleshooting Book

This site runs on Linode