Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Importing GoDaddy SSL cert into KMS?
  •  
My IT Indy

Messages: 1262
Karma: 40
Send a private message to this user
Has anybody gotten this to work properly? Every time I import it, KMS shows the cert in the SSL panel and says to restart KMS. I restart it and then have no certs available and SSL could not start up. I'm not onsite now to get the log files of what exactly happened, but for as easy-to-manage as KMS is, importing a cert should be a snap.

-
My IT Indy
Kerio Certified Reseller and Hosted Provider
http://www.myitindy.com
  •  
mathieuf

Messages: 9
Karma: 0
Send a private message to this user
I don't know if you ever got this to work, but I just called GoDaddy after trying and failing to install one of their SSL certificates in KMS 6.3.0 and they told me their certificates will not work with KMS. It has to do with not being able to install their intermediate certificate in KMS.
  •  
Kerio_ktrumbull

Messages: 597
Karma: 2
Send a private message to this user
That is correct (and is mentioned in the manual). Kerio MailServer does not support intermediate certificates at this time. If you would like to request support for intermediate certificates, please submit a support ticket and we'd be happy to add you to the suggestion we have on file.

Kevin Trumbull
Kerio Technical Support Team Leader
http://support.kerio.com
  •  
Lyle M

Messages: 410

Karma: 7
Send a private message to this user
GoDaddy intermediate certificates are now supported in KMS 6.4.
The 6.4 admin guide has the updated instructions on how to install (the knowledge base is a little behind). It's not a no-brainer, but it is easy with the manual.

Thanks Kerio for implementing this capability.

Regards,
Lyle Millander
  •  
the_creative_partnership

Messages: 57
Karma: 0
Send a private message to this user
Does anybody know which of the intermediate certificates to download from Go Daddy's repository? There is a whole selection...

Dan
  •  
Lyle M

Messages: 410

Karma: 7
Send a private message to this user
The following files should end up in your sslca folder in the Kerio directory on your server:

gd_cross_intermediate.crt
gd_intermediate.crt

Note that there are already other files in that directory. Don't worry about them.

Cheers,
Lyle
  •  
the_creative_partnership

Messages: 57
Karma: 0
Send a private message to this user
I assume that is in addition to the file for our cert?

Many thanks
  •  
Lyle M

Messages: 410

Karma: 7
Send a private message to this user
http://www.kerio.com/manual/kms/en/ch10s01.html

Notes on intermediate cert use are at the bottom of the page and include the answer to your question.

But, yes, the intermediates are in addition to your cert which lives in sslcert.

Enjoy,
Lyle
  •  
My IT Indy

Messages: 1262
Karma: 40
Send a private message to this user
I ended up getting a Thawte SSL123 cert and it took about 10 seconds to download and import into my KMS. Sure it cost more, but my time was more valuable after having issues with a godaddy cert.

-
My IT Indy
Kerio Certified Reseller and Hosted Provider
http://www.myitindy.com
  •  
komakino

Messages: 16
Karma: 0
Send a private message to this user
I wrote up a little howto about installing GoDaddy intermediate SSL certificates in Kerio MailServer here:

http://blog.irisink.com/?p=51

It worked well for me using KMS 6.4.0 on Mac OS X 10.4.x Server.

Cheers,

[Updated on: Tue, 21 August 2007 20:52]


Chris Williams
Consulting Engineer
DaVinci Digital
Portland, OR
  •  
the_creative_partnership

Messages: 57
Karma: 0
Send a private message to this user
Well we finally managed to get our certificate signed, and it took a little messing about, but it installed fairly easily. Now my only problem is domain aliases.

Our primary address for the mail server is say mail02.domain.com, which also has the reverse record entered for it, but we also have it CNAME'd as for instance mail.dm-la.com, mail.dm-losangeles.com etc.

Does anybody know if I can have multiple certificates active on the server? One for each domain?

  •  
Lyle M

Messages: 410

Karma: 7
Send a private message to this user
I think you have to buy a wildcard certificate. They cost more.

http://www.thawte.com/ssl-digital-certificates/wildcardssl/i ndex.html

-Lyle

[Updated on: Wed, 22 August 2007 13:17]

  •  
the_creative_partnership

Messages: 57
Karma: 0
Send a private message to this user
Thanks Lyle.

We did buy a wildcard for domain.com, but I'm wondering about having multiple wildcards active at the same time, say for: -

*.domain.com
*.dom-la.com
*.dom-ldn.com
*.domain-la.com
*.domain-ldn.com
etc etc...

KMS only seems to show one cert as active at a time, but I have multiple names for my server, under multiple different domains...
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
pingu wrote on Wed, 22 August 2007 10:39


Does anybody know if I can have multiple certificates active on the server? One for each domain?



It is not possible at this moment but we are considering it as an improvement. Anyway, it will require a separate IP address for each domain SSL certificate.

The easiest solution is to get a SSL certificate with wildcards or alternative names.
salmanq

Messages: 1
Karma: 0
Send a private message to this user
Hi, This post is very informative, however I would like some specific information. If someone can help me then please send me a private message. Best Regards,

[Removed off-topic URL links]

[Updated on: Thu, 30 August 2007 09:58] by Moderator

Previous Topic: Can I change the name of a mailing list
Next Topic: Migrating from Exchange 5.5 to Kerio 6.4.1
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Nov 21 05:38:05 CET 2017

Total time taken to generate the page: 0.00508 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.