Home » Kerio User Forums » Kerio Control » SSL's - Another Option over SelfSigned SSL's? (Possibility of using letsencrypt.org a simpiler and "Safer" option over SelfSigning)

Messages: 3
Karma: 2
Send a private message to this user
When My SelfSigned Cert Expired I was about create a new one when My Security Team showed me how a selfsigned cert doe not really protect you from a man in the middle attack (Since we all just ignore the Browsers Certificate error, so any SSL can be presented. So in My hunt for a cheep solution to getting a signed SSL. I found LetsEncrypt.

LetsEncrypt make it possible to set up an HTTPS server and have it automatically obtain a browser-trusted certificate, without any human intervention, for Free. This is accomplished by running a certificate management agent on the web server. And it should have all of the benefits of a signed Cert without the manual intervention of getting one or even updating it when it expires.

I was interested to hear what the community has to say about this and see if we could get Kerio to eventually implement this in their products...

take a look at it at letsencrypt.org/how-it-works


Messages: 22
Karma: 1
Send a private message to this user
i'm interested too in Lets encrypt integration with kerio control. It would be awsome. I hope Kerio will think seriusly about that. There are a ton of bot around and pfsense have it now

Messages: 152
Karma: 11
Send a private message to this user
it would be great if it were integrated, or even if the embedded web server would simply allow the ".well-known" folder.

I got it working on Connect with nginx based on https://certbot.eff.org/#ubuntuxenial-nginx and https://irulan.net/using-lets-encrypt-with-kerio-connect. I also had to increase the timeouts based on https://www.scalescale.com/tips/nginx/504-gateway-time-out-u sing-nginx/. I'm not sure what value we really need yet, but 600 is to short.

[Updated on: Tue, 02 May 2017 21:28]


Messages: 7
Karma: 0
Send a private message to this user
Yes, Kerio needs to support SSL certificates from Let's Encrypt in Control, Connect and Operator (including auto renewal) ...

Kerio, please
Previous Topic: Load Balancing / Failover and Policy Routing
Next Topic: Some sites do not work through Kerio
Goto Forum:

Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Nov 14 01:02:33 CET 2018

Total time taken to generate the page: 1.25999 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.