Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Kerio control certificate error
  •  
hmadsen

Messages: 33
Karma: 1
Send a private message to this user
Installed kerio control 7 but now every time i try to access a website i get a "certificate error" and am told not to go the site. (Only happens for the login page though, if i ignore the warning and log in i can browse sites ok)

In kerio 6 there were an option under :

Advanced - web interface/SSL-VPN

Called "Enable HTTPS(SSL Secured) Web interface.

After getting the same errors in the beginning from kerio 6 i was told to disable this option and after that i have had no certificate problems.

Now in connect 7 i get the same problem but now the option to use SSL or not has been removed from the web interface part.

Is this because i MUST use SSL now or what has happened ?'

PS. I have copied the cfg files from kerio 6 into the kerio 7 folder....Is this the problem ?

Hmadsen

[Updated on: Tue, 01 June 2010 11:15]

  •  
KursadOlmez

Messages: 118
Karma: 3
Send a private message to this user
Hi,

With Kerio Control HTTP enabled web interface has gone. It is so bad that we have not an option to decide OUR OWN security necessity anymore.

I submitted a feature request to Kerio Beta Team about HTTPS issue but I didn't get enough response from them. So I started to play Winroute.cfg file on my test environment.

And, finally found the solution like this;

- Stop Kerio Control

- Open the winroute.cfg file (C:\Program Files\Kerio\WinRoute Firewall)
PS: KWF name changed to Kerio Control but still uses the "Winroute Firewall" folder Smile

- Find the lines;
<variable name="WebAdmHTTPSRedirect">1</variable>
<variable name="HTTPSPriority">1</variable>

- Changed the values 1 to 0

- It's Done. Kerio Control will not use the HTTPS connection. HTTPS is still active but not Primary option for Webadmin and logon interface.


But I don't know how to change winroute.cfg on Virtual Appliances with Linux. Maybe Linux users able to change winroute.cfg file by accessing with SSH and root account.

I hope this will help for everyone who DON'T want to BUY SSL certificates.

Kursad
  •  
hmadsen

Messages: 33
Karma: 1
Send a private message to this user
Thanks a lot, that worked fine.

Do you know what happened to the "number of users" counter. In Kerio 6 choosing the top tab presents the registration info including the number of simultanius users and it said something in the lines of "45/47 users logged in"

Now it just say how many simultanius users i have a license for but not how many i actually have logged in.

I used this number to verify if i had enough licenses and to buy more if needed.

Hmadsen
  •  
KursadOlmez

Messages: 118
Karma: 3
Send a private message to this user
They changed the License Policy as well.

New License Policy
IP address connection is no longer considered a user. License allows up to five connected devices per user. Server license includes 5 users; additional user licenses are purchased in blocks of five.
http://www.kerio.com/support/subscription-policy
  •  
hmadsen

Messages: 33
Karma: 1
Send a private message to this user
Yeah i saw that and offcourse that helps keep the user count down but still it would be nice to know the number of connected users to know when the limit was near ..

Oh well..

The main problem today after installing the new connect has actually been users calling to ask for a code for the new login screen.. (When using web-login the interface was redesigned and it does not take anything more than a different shape and color to get people confused) Laughing

Hmadsen
  •  
Tomislav

Messages: 61
Karma: 1
Send a private message to this user
@KursadOlmez - great find, I was looking for this exact thing. Unfortunately, I'm running a Software Appliance...
I hope I can find someone to give me a hand in figuring out how to edit that cfg file.
  •  
Tomislav

Messages: 61
Karma: 1
Send a private message to this user
I think I've got it (with a little of help of course):

- Log on as root (I got ssh running, but I'm sure local console would work too)
- cd /opt/kerio/winroute (type all bolded text as-is)
- vi winroute.cfg
- replace the 1 with 0 for both items (mark 1 press delete then i then 0 then esc)
- :wq (saves and exits) or if you messed up :q! (does not save and exits)

I haven't had a chance to stop my firewall to test yet (still working hours) but I'll try early tomorrow morning to see if it saves properly.
  •  
Tomislav

Messages: 61
Karma: 1
Send a private message to this user
Tested and it works. Just reboot when you're finished and it will boot with the new configuration.

For future reference I'll retype the whole procedure [in super simple mode for admins like me =]:

1. Log on as root (I got ssh running, but I'm sure local console would work too)
2. cd /opt/kerio/winroute (type all bolded text as-is)
3. vi winroute.cfg
4. scroll down to: <table name="Administration">
5. replace the 1 with 0 for items:
- <variable name="WebAdmHTTPSRedirect">1</variable>
- <variable name="HTTPSPriority">1</variable> (mark 1 press delete then i then 0 then esc)
6. :wq (saves and exits) or if you messed up :q! (does not save and exits)
7. reboot

And now enjoy not being called everyday by users asking what this certificate thingy is.
  •  
Gmolnar

Messages: 1
Karma: 0
Send a private message to this user
Hi everyone!

Since now I have been using the 7th version of kerio control (windows based), now migrated to 8.1.1 (Linux based), and I got this problem with the certificate.

Since now, when the certificate expired, I simply reissued it in the control panel, and then added it to the trusted root certification authorities on every client computer, and the problem was gone. Now, after adding the certificate to every possible "hole" of the client it doesn't help, users keep receiving the well known error message in their browsers.

The client machines are in a domain, so I have decided to add the certificate to the domain policy, but it didn't helped to.

As recommended above, I have tried to log in thru SSH, and modify the winroute.cfg, but I cant locate it at all, any suggestions?
  •  
Jeff Wadlow (Kerio)

Messages: 193
Karma: 6
Send a private message to this user
In the Kerio Control WebAdmin, go to Configuration -> Advanced Options -> Web Interface. You should have a check box, "Force SSL secured connection (recommended)" that you can disable.

If you are going to modify the cfg file it is better to edit the one in /var/winroute/. It gives you slightly more time to reboot before it auto saves the settings in memory back into the winroute.cfg file.

You were not specific about what you could not locate. Were you unable to locate the winroute.cfg file or were you able to find WebAdmHTTPSRedirect in the winroute.cfg file?
Previous Topic: Webiste Unblock issue
Next Topic: Hardware for +5k connections - kerio control appliance 8.1
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Oct 17 13:44:15 CEST 2017

Total time taken to generate the page: 0.00475 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.