Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Add SSL certificate to Kerio via CLI
  •  
ikheetleon

Messages: 66
Karma: -1
Send a private message to this user
Since I'm starting to switch from Startcom to Let's encrypt. I would like to know if it's possible to add SSL certificates (And intermediate certificates) to Kerio via the CLI. I'm running Centos 6 with Kerio 9.1.1.

I've already tried to add the .key and .crt files to the sslcert directory in the store. I've also add the intermediate certificate to the sslca directory. But after a restart, they don't show up in the GUI list.

When I add them manually it works just fine.

Since the certificates of Let's encrypt are only valid for 90 days, I would like to automate this.

I do however see a difference in adding a new certificate/domain to kerio and renewing the certificate.

Let's say I just want to renew an existing certificate. Would it be fine to replace the original file with a new one and restart Kerio?
  •  
j.a.duke

Messages: 335
Karma: 10
Send a private message to this user
A little googling of "kerio connect Let's encrypt" turned up:

https://herrbischoff.github.io/security/2016/02/02/Using-Let s-Encrypt-with-Kerio-Connect.html

I suspect you can adapt this for CentOS (I haven't tried it yet, but will likely once I get my CentOS 7 box working).

Cheers,
Jon
  •  
ikheetleon

Messages: 66
Karma: -1
Send a private message to this user
I already found that solution, but that's still not automated.

"Now open the admin panel, select Configuration > SSL Certificates and see your certificate appear. Select it and set is as active."

I want the ssl part to be unattended.
  •  
j.a.duke

Messages: 335
Karma: 10
Send a private message to this user
ikheetleon wrote on Thu, 29 September 2016 02:49
I already found that solution, but that's still not automated.

"Now open the admin panel, select Configuration > SSL Certificates and see your certificate appear. Select it and set is as active."

I want the ssl part to be unattended.

I do believe you missed this section:

Quote:
Renewal
Just run:

./letsencrypt-auto certonly --keep-until-expiring -d mail.example.com
You may want to put this in a cronjob to run every 30 days or so. If the certificate is close to expiring, it will be renewed automatically, otherwise it will be kept until the next run.


You only need the GUI for selecting the active cert (which you should only need to do once).

That solves most of the problem for 99% of the those of us running Connect.

Cheers,
Jon
Previous Topic: PSA: If you use Internet Explorer don't upgrade to 9.1.1
Next Topic: AV not starting, Sophos plugin broken
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Dec 05 09:27:49 CET 2016

Total time taken to generate the page: 0.00888 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.