Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Self-Signed Certificate?
  •  
spiggott

Messages: 51
Karma: 0
Send a private message to this user
Is it possible to edit the default duration of a self-signed certificate generated through KMS to increase the life of the certificate beyond 1 year?

Also, is there a significant advantage to getting a certificate through a CA like Thawte or Verisign as opposed to using a self-signed certificate?

FYI, I have about 50 users accessing KMS via WebMail, Outlook 2003, Entourage 2004 and Apple Mail 2.x. My goal is to enable a security policy requiring encrypted connections. Will a self-signed cert hamper this effort?

[Updated on: Thu, 02 August 2007 21:59]

  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
spiggott wrote on Thu, 02 August 2007 21:49

Also, is there a significant advantage to getting a certificate through a CA like Thawte or Verisign as opposed to using a self-signed certificate?

The benefit of having a 'real' certificate is users not having to click through the certificate warning. for IE6 it's just a simpel warning, IE7 will be more scary to your users as it recommends your users in big red letters not to enter the site due to certificate problems. You could install the certificate on all PC's, so the users won't have to go through the above 'trauma' Smile

For Outlook/KOC, there's no warning to bypass, so you'd have to install the self-signed certificate on those workstations before KOC could be used with SSL (as you want to require).

I recently installed the Geotrust QuickSSL Premium certificate on the server. Works well. Note you need the Premium certificate for it to work on Smartphones/PDA's as well. The normal QuickSSL certificate is not recognized on Smartphones/PDA's, so you'd still have to install it manually on those devices if users want to Activesync with your server. The Premium certificate overcomes this and is just 20% more expensive. (And still cheaper then a Verisign or Thawte certificate, I would guess.)

In the end: self-signed certs work fine, but can be somewhat of a hassle. After two years of using self-signed certificates I thought is was time to shell out 300 bucks for a real one.
  •  
spiggott

Messages: 51
Karma: 0
Send a private message to this user
Thanks, winkelman. It may be time to shell out for the real cert.
Previous Topic: Splunk and Kerio MailServer?
Next Topic: PHP Fatal error: call to undefined function: mb_strlen()
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Nov 18 22:40:19 CET 2017

Total time taken to generate the page: 0.00411 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.