Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Proper SSL Certificate Installation (Digicert detects problem with intermediate certificate)
  •  
pchernoff

Messages: 120
Karma: 0
Send a private message to this user
I installed a new SSL certificate into our Kerio Connect 8.2.2 on Mac OS 10.6.8.

I tested connections from Mail.app, web browsers and my iPad an no security complaints. But one person did note a SSL warning in Mail.app so I decided to test the certificate from Digicert's test page (http://www.digicert.com/help/). Everything was green except for the last item.

Quote:
The server is not sending the required intermediate certificate.

This server needs to be configured to include DigiCert's intermediate certificates during SSL handshakes. You may not notice a problem when using Internet Explorer because it can follow the http link to the intermediate certificate embedded in the certificate's 'Authority Information Access' extension, but Firefox, Safari, and other browsers will likely complain until the intermediate certificates are installed and configured on the server. For instructions on how to achieve this, please check the installation guide for your platform in the SSL certificate installation section of our site. If you have any problems correcting this issue, please contact our helpful support team and we would be happy to assist.


Since Digitcert instructions do not include Kerio Connect I thought I could get some help here. I generated the request for certificate from Kerio Connect and then pasted in the contents of the certificate with the domain name into KC. Digicert sent 3 .crt files, DigiCertCA.crt, TrustedRoot.crt and the domain .crt. I used the last certificate file. Should I have included the contents of the other files?
  •  
pchernoff

Messages: 120
Karma: 0
Send a private message to this user
I found the solution.

http://kb.kerio.com/product/kerio-connect/server-configurati on/ssl-certificates/configuring-ssl-certificates-in-kerio-co nnect-1132.html

It took a few attempts but the trick was having the main certificate first followed by the intermediate certificates. It now passes Digicert's tests.
Previous Topic: Kerio Connect 8.3.0 Beta2: Import CA
Next Topic: Kerio Connect client and receipts return ?
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Aug 23 23:30:02 CEST 2017

Total time taken to generate the page: 0.00384 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.