Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » VPN Server SSL Certificate (No option for CSR)
  •  
RPGonzo

Messages: 5
Karma: 0
Send a private message to this user
We are wanting to activate the VPN server on Kerio Control however doing so violates our PCI compliance with a "self-signed" SSL cert in place.

We have no objections to purchasing a signed SSL however I can find no option to generate a CSR to be able to get a signed cert.

I found this article((asterisk added for non being able to post links) http*://support.kerio.com/index.php?_m=knowledgebase&_a= viewarticle&kbarticleid=485&nav=0,2), however it states for version 6.5 and prior.

We are using ver 7.1.2 Build 2333 on a Win Server 2008 R2 box.

Does the article still hold true for the newer version of Control? Is there another method to use? Am i missing something within the admin console of generating the CSR?

I know the article mentions Kerio support does not provide further assistance, but any insight or pointer on figuring this out would be appreciated.

P.S. I apologize if this has been covered but nothing came up in the search for the past couple of hours so I'm finally resorting to creating a new topic.
  •  
KursadOlmez

Messages: 118
Karma: 3
Send a private message to this user
Hi,

You can create a SSL certificates from http://www.startssl.com/ for free (Class 1). StartSSL's certificates are accepted by all major browsers and you (or users) don't get any certificate warnings.

However creating CSR isn't possible inside the Kerio you can create a private key and than your certificate from StartSSL. After creating private key and certificate you can import them to Kerio Control without any problem. And also you can use the same certificate to secure Kerio Control Admin Console, SSL VPN and VPN.

Actually, I'm using StartSSL's Class 1 certificates to secure all of my clients Kerio products and even Exchange Server 2010 Smile

NOT: After creating Private Key from StartSSL with your password you must Decrypt the Private Key from the Toolbox on StartSSL website. If you import the private key file without Decrypt, Kerio Control would probably crash Smile

Regards,

  •  
RPGonzo

Messages: 5
Karma: 0
Send a private message to this user
Thanks for the reply, currently the company will not allow me to deploy a free SSL, and the vendor of choice will only supply a signed SSL with a CSR provided.

I'm currently getting in contact with our SSL provider to try and figure something out, with Kerio Control not having the ability to create a CSR, which is very odd as Kerio Connect has that exact ability.

I'm wondering if I can simply create a CSR from Connect and use my Control servers information without messing with the active SSL on Connect.

  •  
KursadOlmez

Messages: 118
Karma: 3
Send a private message to this user
Hi,

StartSSL is not only provide SSL certicates for free. You can also buy Class 2 certificates. StartSSL's certificate administration and creation panel is the same functionality for Class 1 and Class 2. I mean you can create Private Key for both of the certificate types Class 1 (free) and Class 2 (59.90$ for two years).

[Updated on: Thu, 21 July 2011 18:34]

  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
I have come across the same thing. Thing is, you can use any program to generate the key and then use that to purchase a 'real' certificate and import that into Control.

I also use Kerio Connect, so generate the certificate request with that. Used it to purchase a cert with Geotrust and imported that into Control. Worked just fine. Even imported the same cert it in several different places within Control, such as VPN and web interface.
  •  
ChrisStar

Messages: 3
Karma: -1
Send a private message to this user
Why is this such a dog's dinner ?

Thought I'd just add how I have done this without Kerio Connect

I use GoDaddy for my certificates. I just bought a standard SSL 5 year certificate.

Use IIS to request a certificate. Get the .crt back from the CA and install back into IIS.
View the certificate in IIS and copy to a file (export) - include the public key. This will create a .pfx file.

Install OpenSSL from www.openssl.org

Get the .pfx file into c:\openssl\bin and run.....

openssl pkcs12 -nodes -in dogsdinner.pfx -out dogsdinner.pem
(where dogsdinner is the name of the file I exported to in IIS)

Edit the dogsdinner.pem file and highlight the bit of the file between ---- BEGIN RSA PRIVATE KEY----- and ---- END RSA PRIVATE KEY-----

Copy this into a new file and save as dogsdinner.key

You now have your .crt and .key file to import into Kerio Control
Previous Topic: Install without monitor
Next Topic: Appliance hardware support
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Nov 21 20:37:57 CET 2017

Total time taken to generate the page: 0.00388 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.