- Colin.Angus
-
Messages: 1-
-
Karma: 0
-
I'm trying to install a signed SSL certificate. I can't work out how to add the CA certificate bundle (issuers certificates) separately, I've tried appending them to my cert but doesn't work at all.
Without the CA's bundle the certificate sort of works - but good old IE8+ seems to have some sort of additional security preventing SSL connection at all if the root certificate is not already embedded.
It works ok if I visit a website hosted on the same machine with the certs installed properly, then revert to the KWS on port 4430. But new users that haven't cached (presumably) the certificate 1st get connection errors in their browsers.
I presume I need to build a single bundle, but I must have got it wrong order before. This is on a Windows platform running Apache/OpenSSL.
I'm running v2.0.0 beta 3#17
Any clues anyone?
Don't worry - found the fix here
forums.kerio.com/mv/msg/21122/85898/#msg_85898
Would be useful to make this a 'sticky'
[Updated on: Thu, 12 April 2012 21:32]
|
- interele
-
Messages: 10-
-
Karma: 1
-
Does anyone know how to do intermediate certs on Beta 4
My server.xml file is different to the guide mentioned above.
Ta
Mal
|
- marcobat
-
Messages: 28-
-
Karma: 0
-
I don't know if it works with current version of kerio but in 6.x i've chained the two files into one single file and put that as the certificate in kerio. No need to edit any preference.
like this:
-----BEGIN CERTIFICATE-----
aghashas==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
jsajskaj
-----END CERTIFICATE-----
first mine then the intermediate certificate
|
- yakov536
-
Messages: 8-
-
Karma: 0
-
Yesterday I was able to load our wildcard cert (*.company.com)
To creat the crt file, I copied and pasted the contents of following 4 files to create my .crt file.
AddTrustExternalCARoot.crt
NetworkSolutions_CA.crt
STAR.company.com.crt
UTNAddTrustServer_CA.crt
When imported with the .key file, worked find.
Hope this helps.
[Updated on: Wed, 02 May 2012 13:18]
|
Kerio discussion forums are intended for open communication between forum
members and may contain information and material posted by members which may
be useful in learning about Kerio products. The discussion forums are not
intended to provide technical support for any specific product. Any
information implied or expressed in the discussion forums is that of the
posting member. Kerio is in no way responsible for the information posted in
the forums, or its accuracy. Kerio employees may participate in the
discussions, but their postings do not represent an offical position of the
company on any issues raised or discussed. Kerio reserves the right to
monitor and maintain the forums to promote free and accurate exchange of
information.
Search
Help
Register
Login
Home
