Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Kerio Connect - SSL Certificate
  •  
Michael Ruffin

Messages: 172
Karma: 4
Send a private message to this user
I have installed an SSL certificate on a client's Connect server.

However browsers (and phones) are still coming up saying it's not trusted.

The issuer is Trustwave, and I've read a few things online about them, but not really sure why it's not being trusted. Went through the Kerio KB article about installing SSL certificates, but no joy.

Anyone able to help? (It's set as the active certificate).
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Use browser to see details about HTTPS connection and certificate. If the certificate requires an intermediate SSL certificate to be installed, you need to follow that KB article and install it on Kerio Connect.
  •  
Brian (GFI/Kerio)

Messages: 763
Karma: 75
Send a private message to this user
Here is a great online tool for checking your certificate.
https://www.sslshopper.com/ssl-checker.html
It will show you if there is an issue. Most likely, you will need to re-assemble your certificate so that it includes the certificate chain with the root. Since you've already imported the certificate, you need to export it with the private key. After you properly assemble the certificate, you can re-import the private key with the properly assembled certificate. The KB article Pavel mentioned is http://kb.kerio.com/1132. At the bottom of the article it provides instructions for assembling the certificate.

Brian Carmichael
Instructional Content Architect
  •  
Michael Ruffin

Messages: 172
Karma: 4
Send a private message to this user
Thanks for the replies, but I think that KB article could do with some more explanation for people like me who have no idea about SSL certificates Smile

For example:

"In a text editor, open the server certificate and the intermediate certificate."

Where is this? Do you mean open it on the Kerio Connect server?

I don't think I received an intermediate certificate from the provider, so not sure where to find this info?

Edit: Found this in the email from the provider: "Please note you'll require the private key in order to install your certificate. You would have generated it when you requested the certificate originally."..

Does that have anything to do with it?

[Updated on: Wed, 20 January 2016 20:47]

  •  
Michael Ruffin

Messages: 172
Karma: 4
Send a private message to this user
Apparently I can obtain a "CA Bundle", which I've read includes root and intermediate certificates. But this doesn't look like what's in the instructions on the Kerio KB (there's only one set of "BEGIN CERTIFICATE" and "END CERTIFICATE")?
  •  
Brian (GFI/Kerio)

Messages: 763
Karma: 75
Send a private message to this user
The online testing tool that I previously referenced usually provides some instructions for obtaining the intermediate certificates based on the CA you used.
The certificate was probably given to you as a hyperlink or some attachment. You need to edit this file on your computer and append (copy/paste) the intermediate certificates. There are a lot of learning resources on SSLshopper.com.

Brian Carmichael
Instructional Content Architect
  •  
Michael Ruffin

Messages: 172
Karma: 4
Send a private message to this user
So I have the intermediate now, but I've already installed the certificate (and it's asking for a .key file when I try to install the intermediate).

Do I need to start over with a new SSL certificate?
  •  
Brian (GFI/Kerio)

Messages: 763
Karma: 75
Send a private message to this user
From my original post "Since you've already imported the certificate, you need to export it with the private key. After you properly assemble the certificate, you can re-import the private key with the properly assembled certificate."

Brian Carmichael
Instructional Content Architect
  •  
Michael Ruffin

Messages: 172
Karma: 4
Send a private message to this user
Sorry Brian, yes you were right. I'm new to SSL certificates so I didn't understand what I had to do.

All working now, thankyou very much for your help.
Previous Topic: Configure my photocopier to send scans through Kerio Connect
Next Topic: Bypass SMTP Authentication for Internal Email
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Oct 23 08:18:58 CEST 2017

Total time taken to generate the page: 0.00493 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.