Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Can't install SSL certificate (Can't install SSL certificate)
  •  
Dustin

Messages: 1
Karma: 0
Send a private message to this user

Hi everyone. I've been trying for awhile. Now I have three days left to get my new SSL certificate installed and I can't seem to get it to work.

I tried two methods:
1) Going to SSL certificates, and clicking Import / Import a new certificate. This gives a Spinner at the top and says "Loading..." but nothing ever happens.

2) Searching the forums I found a suggestion to put the SSL files in the Kerio directory and then restart the server. Perhaps the instructions were wrong, because they don't show up on this list doing it this way either.

Any suggestions would be greatly appreciated!

Thank you,
Dusitn
  •  
jimarmstrong79

Messages: 1
Karma: 0
Send a private message to this user
I hope, this knowledge base article will help out for your solution.

SSL certificates overview

You need a SSL certificate to use encrypted communication (VPN, HTTPS etc.). SSL certificates are used to authenticate an identity on a server.

For generating SSL certificates, Kerio Control uses its own local authority. Kerio Control creates the first certificate during the installation. The server can use this certificate.

However, upon their first login, users will have to confirm they want to go to a page which is not trustworthy. To avoid this, you must generate a new certificate request in Kerio Control and send it to a certification authority for authentication.

Kerio Control supports certificates in the following formats:

Certificate (public key) -- X.509 Base64 in text format (PEM). The file has suffix .crt.
Private key -- the file is in RSA format and it has suffix .key with 4KB max. Passphrase is supported.
Certificate + private key in one file -- format: PKCS#12. The file has suffix .pfx or .p12.
Creating a new Local Authority

Local authority is generated automatically during the installation. However, hostname and other data are incorrect. For this reason we recommend to generate a new certificate for the local authority.

To create and use a certificate for the local authority, follow these instructions:

Open Definitions → SSL Certificates.

Click Add → New Certificate for Local Authority.

In the New Certificate for Local Authority dialog box, type the Kerio Control hostname, official name of your company, city and country where your company resides and the period of validity.

The new Local Authority will be available and visible inDefinitions → SSL Certificates, the old one will be:

changed from Local Authority to Authority
renamed to Obsolete Local Authority
available as a trusted authority for IPsec
Creating a certificate signed by Local Authority

Create a new certificate if the old one is not valid anymore.

To create a certificate, follow these instructions:

Open section Definitions → SSL Certificates.

Click Add → New Certificate.

In the New Certificate dialog box, type the hostname of Kerio Control, the official name of your company, city and country where your company resides and the period of validity.

The Hostname entry is a required field.

Save the settings.

Now you can use this certificate. Using the certificate means that you have to select it in the specific settings (for example SSL certificate for VPN server you have to select in Interfaces → VPN Server).

Creating a certificate signed by a Certification Authority

To create and use a certificate signed by a trustworthy certification authority, follow these instructions:

Open Definitions → SSL Certificates.

Click Add → New Certificate Request.

In the New Certificate Request dialog box, type the hostname of Kerio Control, the official name of your company, city and country where your company resides and the period of validity.

The Hostname entry is a required field.

Select the certificate request and click More Actions → Export.

Save the certificate to your disk and email it to a certification organization.

For example, Verisign, Thawte, SecureSign, SecureNet, Microsoft Authenticode and so on.

Once you obtain your certificate signed by a certification authority, go to Definitions → SSL Certificates.

Select the original certificate request (the certificate request and the signed certificate must be matched)

Click More Actions → Import.

The certificate replaces the certificate request. You can use this certificate. Using the certificate means that you have to select it in the specific settings (for example SSL certificate for VPN server you have to select in Interfaces → VPN Server).
  •  
Losinsky

Messages: 2
Karma: 0
Send a private message to this user
Hallo,
I encountered the same issue importing new SSL certificate.

I have found this soulution:
1) Copy new SSL certificate to server C:\Program Files (x86)\Kerio\MailServer\sslcert\
2) change filename to server13.crt (SSL certificate) and server13.key (RSA private key)
3) Go to Webmanagement console
4) new "server13" certificate appeared...
5) activate "server13" certificate.
Everything works fine with new certificate now
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Dustin wrote on Fri, 25 October 2013 18:16

Hi everyone. I've been trying for awhile. Now I have three days left to get my new SSL certificate installed and I can't seem to get it to work.

I tried two methods:
1) Going to SSL certificates, and clicking Import / Import a new certificate. This gives a Spinner at the top and says "Loading..." but nothing ever happens.

2) Searching the forums I found a suggestion to put the SSL files in the Kerio directory and then restart the server. Perhaps the instructions were wrong, because they don't show up on this list doing it this way either.

Any suggestions would be greatly appreciated!

Thank you,
Dusitn


As mentioned in the forums, enable "Report problems in administration" in the Administration Settings and the dialog starts working.
  •  
Losinsky

Messages: 2
Karma: 0
Send a private message to this user
I'am little bit confused
This hint really works. But I don't understand relation between "Report problems..." setting and the import dialog issue???

Second note: I tested it on two servers now... Import dialog DOES NOT works immediately after "Report..." setting!!!
It is necessary to reload "SSL certificates" page

Will it be fixed in next update?

V. Losinsky
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
It will be addressed in upcoming service release. There is a Javascript exception on the page, which is not handled if the option is turned off. So the page is not completely loaded in such case.
  •  
Sulcorp

Messages: 5
Karma: 0
Send a private message to this user
got the same problem...imports dont work but other pop-up screens do, like new certificate..
also tried diffrent browsers.

Tried to manually activate but if you restart kerio in that case it give SSL error and wont complete startup.

Im in kinda hurry with this bcs the SSL is almost expired....

@Pavel any workarround for this JS thingy?
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Sulcorp wrote on Fri, 01 November 2013 15:53
got the same problem...imports dont work but other pop-up screens do, like new certificate..
also tried diffrent browsers.

Tried to manually activate but if you restart kerio in that case it give SSL error and wont complete startup.

Im in kinda hurry with this bcs the SSL is almost expired....

@Pavel any workarround for this JS thingy?


Enable "Report problems in administration" in the Administration Settings and the dialog starts working.
Previous Topic: A few questions
Next Topic: Update to 8.2 on CentOS 5 fails -- sysstat needed
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Oct 22 21:13:37 CEST 2017

Total time taken to generate the page: 0.00495 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.