Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Certificate chain using reverse proxy
  •  
Dukeman

Messages: 57
Karma: 6
Send a private message to this user
Hi,

When using the reverse proxy for HTTPS connections, the correct SSL Certificate for the specific site is shown to the browser. I've imported a PFX file containing the certificate into Control and the 2 parent certificates are exported from the PFX file and imported into the Control certificate store as well, I can see 3 certificates.

When I visit a website through the reverse proxy the parent certificates aren't published to the website however.

Chrome, Safari, IE for example don't complain about the given certificate, Firefox and Chrome for Andriod do however. They say the certificate is invalid because the issuer is unknown: "sec_error_unknown_issuer" and the issuerchain is not supplied.

Is there a way to supply the parent certificates to the browser to solve this problem? Or is this an error in Control?

Cheers,
Barry

[Updated on: Mon, 02 June 2014 18:41]

  •  
Dukeman

Messages: 57
Karma: 6
Send a private message to this user
Found out that I have to chain the certificates into the server certificate: Add the certificate content (.cer files) of the root/parent certificates into the server certificate and add this key/cer files to Control.

This way the problem is solved and all parent certificates are send to the client!
Previous Topic: Importing existing DHCP and DNS data from OSX Server
Next Topic: file zilla
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Sep 20 05:59:16 CEST 2017

Total time taken to generate the page: 0.00866 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.