Usually adding or updating Kerio Connect SSL certificates is easy. You just follow the directions at "Configuring SSL certificates in Kerio Control" and it's done.
Unfortunately, sometimes things aren't that easy. Certificates can be incorrect or damaged and, although it is rare, it is possible that Kerio Connect cannot restart because of a bad certificate. The fix is quick and easy: drag everything out of the mailserver/sslcert directory and restart again. Connect will create a self-signed certificate automatically.
Now you just need to figure out why you had a problem.
One issue might be that your certificate needs to match your server's private key. You can check the files you dragged out using the "openssl" command.
openssl x509 -modulus -noout -in server.crt
openssl rsa -modulus -noout -in server.key
Those will spit out long strings of numbers that need to match:
If you have a crt that does not match its key, do NOT make it the Active certificate!
Intermediate certificates such as those provided by GoDaddy can also cause problems. The link I gave in the first paragraph explains how to configure using them, but a different procedure is offered at "How do I re-issue my SSL certificate?". Kerio support recently told me that they think the first method is the most recommended, but I've had to use the other in some cases. The difference is whether you add the "bundle" cert to server.crt or put the bundle in the "sslca" directory. If the first doesn't work, try the other.
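The two checks discussed above (certificate against key, and a bundle appended to server.crt), as an added example that is not from the original article. It compares public keys rather than RSA moduli, so it generalizes the -modulus commands to EC keys as well; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original article). Compares the public key in a
# certificate file with the public key derived from a private key file.
# Works for RSA and EC keys; the -modulus check above is RSA-only.

# Public key of the FIRST certificate in the file (openssl x509 reads only
# that one, so an appended bundle does not affect the comparison).
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key derived from an unencrypted private key; "-passin pass:" makes an
# encrypted key fail instead of waiting at a passphrase prompt.
key_pub() { openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null; }

# Number of PEM certificates in a file (more than 1 means a bundle is appended).
cert_count() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true; }

# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
cert_matches_key() {
    c=$(cert_pub "$1") || { echo "cannot parse certificate: $1" >&2; return 2; }
    k=$(key_pub "$2") || { echo "cannot parse private key: $2" >&2; return 2; }
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Human-readable report for one crt/key pair.
check_pair() {
    echo "certificates in $1: $(cert_count "$1")"
    openssl x509 -in "$1" -noout -subject -enddate 2>/dev/null
    if cert_matches_key "$1" "$2"; then
        echo "OK: first certificate in $1 matches $2"
    else
        echo "DO NOT ACTIVATE: $1 does not match $2"
        return 1
    fi
}

# Usage: sh check_pair.sh server.crt server.key
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```

Run it against the files you dragged out of the sslcert directory before copying anything back.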
© 2015-04-14 Anthony Lawrence