Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Importing an SSL certificate
  •  
GenXX

Messages: 10
Karma: 0
Send a private message to this user
Hello All,

I am trying to import an SSL certificate that I have got signed from SSL.COM but I only have the *.p7b file and not a private key. I can't figure out what I need to do from the Admin module "SSL Certificates" because in order to import a certificate from the "Import" menu, it is asking me for a passwordless "Key" file.. which I don't have.
Can anyone help ?
  •  
Vicky Tripp (Kerio)

Messages: 624

Karma: 81
Send a private message to this user
Hi GenXX,

When you need a new SSL cert to go into Kerio Connect you must follow this KB article so that the .key file is created:

http://kb.kerio.com/1132

You must create the certificate request with Kerio so that the private key is generated. Also you must have a CA body create an SSL cert in 'X.509 Base64 in text format (PEM). The file has suffix .crt.'.

So chances you will need to create the certificate request and get your certificate re-generated by the CA.

I hope this helps,
Vicky

Vicky Tripp
Kerio Technical Support Engineer
  •  
Petr Dobry (Kerio)

Messages: 772
Karma: 60
Send a private message to this user
If you generated your certificate request in web browser on some website, the private key is usually stored in OS certificate store (Keychain on OS X, MMC Certificate Console on Windows) and only certificate request is transmitted to the signing entity. That means your private key never leaves your computer where you generated the certificate.

If you want to move certificate, you need to export the private key from local certificate store.

Petr Dobry
Product Development Manager | Kerio

Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
Looking for help ? - http://kb.kerio.com
  •  
Abramax

Messages: 11
Karma: 0
Send a private message to this user
Can I recreate a Certificate Request on Kerio Connect so that my expensive new CA-signed certificate can be imported?
Originally I missed the instruction to append the Intermediate Certificate(s) and just imported the Host Certificate. Now I can't "Import signed certificate from CA" because there is no request in the SSL Certificates page. I have kept a backup of the text of the original request.
  •  
Brian Carmichael (Kerio)

Messages: 559
Karma: 55
Send a private message to this user
You can export the private key. Then choose to import the updated certificate with the private key.

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
Abramax

Messages: 11
Karma: 0
Send a private message to this user
Thanks, Brian. I have only the CSR file, the CRT files back from the CA and access to the server on which Kerio Connect is running. I looked in Control Panel > Internet Options > Content > Certificates but cannot find anything relating to Kerio or the domain. Might there be anywhere else to look for the private key to export?

[Updated on: Tue, 28 June 2016 18:09]

  •  
Brian Carmichael (Kerio)

Messages: 559
Karma: 55
Send a private message to this user
How did you generate the certificate request?

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
Abramax

Messages: 11
Karma: 0
Send a private message to this user
I created it within Kerio Connect, exported the CSR, bought the certificate but imported only the host CRT. It would not allow me to import the intermediates CRT file so I deleted the host certificate in the UI. Now I cannot import the merged host+intermediates CRT. I can't go to a system backup because all this was done today.
  •  
Brian Carmichael (Kerio)

Messages: 559
Karma: 55
Send a private message to this user
Deleting the certificate in Kerio Connect also deletes the associated private key. If you don't have it in a backup, then you need to go through the certificate request process again. Your CA should have a process to allow you to void or revoke your previous cert and generate a new one.

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
Abramax

Messages: 11
Karma: 0
Send a private message to this user
Thanks, Brian. I used the 'Rekey' option on the CA's site and it is now installed and tested. Much better than having to buy a replacement!
I've also exported the Private Key to safe storage, in case I need to move the certificate due to a hardware change.
To force the browser to start using it for connections to Kerio Connect, making the new cert the default wasn't enough. I had to delete the old self-signed cert, too.
Previous Topic: Intermediate certificate
Next Topic: Windows Server 2008 std x64 no longer supported?
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Dec 04 17:14:14 CET 2016

Total time taken to generate the page: 0.01640 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.