Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Godaddy Cert. not trusted? (Is the cheap Godaddy certificate ok?)
  •  
migsutu

Messages: 74
Karma: 0
Send a private message to this user
I started to play with adding a certificate to our Kerio server and Godaddy seemed to be the cheapest. I got everything installed and Kerio has accepted it fine. My problem is when I try and access the secure sight, it tells me it is signed by an unkown authority, even though it lists Godaddy as issuer of the certificate. I am new to this certificate stuff, so should I have purchased one of the more expensive certificates or purchased one from a different source? My server is behind a router and I am port forwarding all relevant ports to it. Thanks for any input.
  •  
mountaindogs

Messages: 34
Karma: 0
Send a private message to this user
Godaddy uses an intermediate certificate. That has to be installed also. How to install depends on what server you are running. I have a godaddy cert and it works.
  •  
  •  
migsutu

Messages: 74
Karma: 0
Send a private message to this user
OK, so Godaddy sent me two crt files. One was my mydomain.crt and the other was gd_bundle.crt. I renamed mydomain.crt to server1.crt and that is in sslcert and I guess to copy gd_bundle.crt to sslca directory. Do I need to rename the gd_bundle or just let it stay as is? Do I need to restart the service after copying the intermediate certificate? Thanks very much for the replies and information.
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Copy the gd_bundle.crt to the sslca directory and import the SSL server certificate and private key via the Administration Console. Then restart the server.
  •  
migsutu

Messages: 74
Karma: 0
Send a private message to this user
Ok, I think it is working correctly now. I still need to check it offsite, so I will do that tonight at home. Thank you very much for the help and information.
  •  
migsutu

Messages: 74
Karma: 0
Send a private message to this user
Things still aren't working properly. So I tried to reimport the certificate again into Kerio. I deleted the old one, and now Kerio Admin Console doesn't show any certificates and each time I try and import one, it doesn't say it has a problem, but nothing is showing up in the list. Any thoughts on how to get any even a homemade certificate to show up again?

Each time I try and reload my Godaddy certificate it says key value mismatch and it will not load. I am not even showing the original certificate which came with the installation.

OK, deleted all files in sslcert directory and it was able to recreate its own. I will now be attempting to import the Godaddy certificates again.

[Updated on: Tue, 26 January 2010 20:33]

  •  
jamesf

Messages: 119
Karma: 2
Send a private message to this user
One thing I ran into was there is an optional Certificate update that needs to be run on a Windows PC. If this update has not been applied it will cause a certificate error. I don't know why Microsoft makes this update optional since it can have such a profound affect on certificate authentication.
  •  
migsutu

Messages: 74
Karma: 0
Send a private message to this user
I decided to try a dyndns certificate which is just a reseller for geotrust. They sent me the plain text version of 3 things. Server certificate, Root CA certificate, and Smart Icon html code.

First I copied both the server certificate and the Root CA certificate into server1.crt and put it in the sslcert directory. It showed up in the admin console, I set it to active, restarted Kerio and then there were no certificates showing up in the admin console.

I cleaned out the sslcert directory and let it recreate its own certificates. I then just copied the server certificate into server1.crt and moved it into the sslcert directory along with the server1.csr. It showed up, I activated, restarted, and it showed up as active in admin console this time.

My question is what do I do with the Root CA certificate and the Smart Icon html code? I haven't tested offsite yet, so not sure if its working properly.
Previous Topic: Migration from Exchange 2000 to Kerio 6.7
Next Topic: Run only Address book & iCal on 10.5 Server
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Nov 24 01:24:53 CET 2017

Total time taken to generate the page: 0.00442 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.