Kerio and certificate chains
  •  
Alin Pastrama

I have a certificate released by the Terena CA, which is a fairly common scientific and educational CA (it comes preloaded in most popular browsers). However, the Terena certificate chain is not present under /usr/local/kerio/mailserver/sslca/, which causes issues with certain less common mail clients.

To go into further detail:

dhcp21:~ alin$  openssl s_client -connect kerio.nordu.net:993 -showcerts
CONNECTED(00000003)
depth=0 /C=DK/ST=Copenhagen/O=NORDUnet A/S/OU=NUNOC/CN=kerio.nordu.net
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=DK/ST=Copenhagen/O=NORDUnet A/S/OU=NUNOC/CN=kerio.nordu.net
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=DK/ST=Copenhagen/O=NORDUnet A/S/OU=NUNOC/CN=kerio.nordu.net
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=DK/ST=Copenhagen/O=NORDUnet A/S/OU=NUNOC/CN=kerio.nordu.net
   i:/C=NL/O=TERENA/CN=TERENA SSL CA
-----BEGIN CERTIFICATE-----
[SNIP]


Here it is visible that a complete certificate chain is not presented.

Is this a matter of simply copying the chain to /usr/local/kerio/mailserver/sslca/, or is there something else I should look at?

For the record, I am running Kerio Connect 7.4.3 on OS X 10.8.
  •  
Alin Pastrama

That did the trick, thank you.
For reference, it was this section:

Locally on the computer where Kerio Connect is installed
Add the intermediate certificate file to the sslca directory and copy the server's certificate with the private key to the sslcert directory. Both directories can be found in the directory where Kerio Connect is installed.


...followed by a Kerio restart.
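
A way to script the check from the first post, as an added example that is not part of either post or of Kerio's documentation: `check_chain` (a hypothetical helper name) parses the `Certificate chain` section of `openssl s_client -showcerts` output and reports whether the server sent the issuer of each certificate it presented. The sample input is constructed from the output quoted in the first post.

```shell
# check_chain: hypothetical helper. Reads `openssl s_client -showcerts` output
# on stdin and checks that every certificate the server sent is followed by
# its issuer. Exit 0 = chain links up, 1 = incomplete or broken, 2 = no chain.
check_chain() {
    awk '
        BEGIN { n = 0 }
        /^Certificate chain/ { inchain = 1; next }
        inchain && /^---$/   { inchain = 0 }
        !inchain             { next }
        # " N s:<subject DN>" then "   i:<issuer DN>" for each presented cert
        /^ *[0-9]+ s:/ { sub(/^ *[0-9]+ s:/, ""); subj[n] = $0; next }
        /^ *i:/        { sub(/^ *i:/, "");        iss[n]  = $0; n++; next }
        END {
            if (n == 0) { print "NO CHAIN: no certificate chain section found"; exit 2 }
            # Each issuer must equal the subject of the next certificate sent.
            for (i = 0; i + 1 < n; i++)
                if (iss[i] != subj[i + 1]) {
                    printf "BROKEN: certificate %d is not followed by its issuer: %s\n", i, iss[i]
                    exit 1
                }
            # A lone, non-self-signed leaf means no intermediate was sent.
            if (n == 1 && iss[0] != subj[0]) {
                printf "INCOMPLETE: only the server certificate was sent; client must already hold: %s\n", iss[0]
                exit 1
            }
            printf "OK: %d certificates sent; client must trust: %s\n", n, iss[n - 1]
        }
    '
}

# Constructed sample: the chain section of the s_client output in the first post.
SAMPLE='Certificate chain
 0 s:/C=DK/ST=Copenhagen/O=NORDUnet A/S/OU=NUNOC/CN=kerio.nordu.net
   i:/C=NL/O=TERENA/CN=TERENA SSL CA
-----BEGIN CERTIFICATE-----
---'
printf '%s\n' "$SAMPLE" | check_chain || true

# Against the live server, after the intermediate is in sslca and Kerio is restarted:
#   openssl s_client -connect kerio.nordu.net:993 -showcerts </dev/null 2>/dev/null | check_chain
```

An `OK` result only means the presented certificates link to each other; whether the final issuer is trusted still depends on the client's own CA store.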