Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » SSL Error CRL (Unable to get certificate CRL)
  •  
kam46 is currently offline kam46

Messages: 7
IP: 213.33.150.190
Karma: 0
Hello everybody.
In our mail server (Windows 7 + Kerio Connect) the COMODO certificate is used. After some indefinite time, a warning about CRL appears in the certificate properties (Unable to get certificate CRL). The certificate is validated on the COMODO website.
Why?

  •  
freakinvibe is currently offline freakinvibe

Messages: 1560
IP: 178.197.239.240
Karma: 63
The Root CA needs to access this CRL:

http://crl.comodoca.com/AddTrustExternalCARoot.crl

Is this reachable from the Kerio Connect server?

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
kam46 is currently offline kam46

Messages: 7
IP: 213.33.150.190
Karma: 0
Yes.
URL opened via I.
  •  
freakinvibe is currently offline freakinvibe

Messages: 1560
IP: 178.197.239.240
Karma: 63
In my opinion it should work then. Maybe you can see something in the error/warning log.

Or switch on Network Connections and SSL in the debug log.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
kam46 is currently offline kam46

Messages: 7
IP: 213.33.150.190
Karma: 0
Debug log:

[29/Nov/2017 18:37:11][5468] {conn} Connection from 10.10.0.61:51734 to 10.10.0.2:443, socket 52976.
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL handshake started: before/accept initialization
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:before/accept initialization
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:error in SSLv2/v3 read client hello A
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 Client requests server by name: mail.insigma.ru
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 Found ssl context for connection by name: mail.insigma.ru
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:SSLv3 read client hello A
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:SSLv3 write server hello A
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:SSLv3 write certificate A
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:SSLv3 write key exchange A
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:SSLv3 write server done A
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:SSLv3 flush data
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:error in SSLv3 read client certificate A
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:error in SSLv3 read client certificate A
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:SSLv3 read client key exchange A
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:SSLv3 read certificate verify A
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:SSLv3 read finished A
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:SSLv3 write session ticket A
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:SSLv3 write change cipher spec A
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:SSLv3 write finished A
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:SSLv3 flush data
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL handshake done: SSL negotiation finished successfully
[29/Nov/2017 18:37:11][5468] {conn} Established secure server connection from 10.10.0.61:51734 to 10.10.0.2:443 using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384, id 000000002BCE3E28
[29/Nov/2017 18:37:11][4316] {conn} SSL debug: id 000000000C979CA0 SSL3 alert read:warning:close notify
[29/Nov/2017 18:37:11][4316] {conn} SSL debug: id 000000000C979CA0 SSL3 alert write:warning:close notify
[29/Nov/2017 18:37:11][4316] {conn} Closing socket 31952
  •  
Brian (GFI/Kerio) is currently offline Brian (GFI/Kerio)

Messages: 789
IP: 76.103.242.36
Karma: 82
It seems you haven't added the intermediate certificate. You can validate your domain using sslshopper.com and it will show you any errors. Instructions for installing the intermediate certificate is described here toward the bottom http://manuals.gfi.com/en/kerio/connect/content/server-confi guration/ssl-certificates/configuring-ssl-certificates-in-ke rio-connect-1132.html

Brian Carmichael
Instructional Content Architect
  •  
kam46 is currently offline kam46

Messages: 7
IP: 213.33.150.190
Karma: 0
yep... already understood( in our Kerio Control there were no intermediate certificates. Now added them.
sorry for my English. Critically not enough time to learn the English. It is very unfortunate that the GFI closed the support of the Russian-speaking(
Very lack of advice and knowledge of Svetlana.
Previous Topic: How to Disable Webmail Keyboard Shortcuts
Next Topic: Double Clicking message popup painfully slow
Goto Forum:
  

 ] [ PDF ]

Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Dec 16 14:04:13 CET 2017

Total time taken to generate the page: 0.92218 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.