Phone Lines icon GFI Support Home Sign in
Start a conversation
  1. GFI Support
  2. GFI Support - Hosting & DNS
  3. Articles

Configuring DNS for DKIM in Kerio Connect

Overview

This article shares information about configuring DNS records for setting up DKIM in Kerio Connect by covering adding a DKIM record to your DNS, obtaining DKIM Public Key, creating a short 1024 bit DKIM key, and adding a New Private key to Kerio Connect.

Receiving Failed to parse DKIM public key from DNS record: Public key could not be loaded (invalid DER data) error potentially can be caused by DNS cache issues.

 

Solution

Adding a DKIM Record to Your DNS

The process of adding a DKIM record to your DNS may vary according to your provider. To add your DKIM public key to DNS, you can:

  • Ask your provider to add the record for you; or
  • Do it yourself in the DNS administration console.

The public key in Kerio Connect includes two parts:

  • Record name (or selector), for example: mail._domainkey.feelmorelaw.com.
  • TXT value, for example: v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfl0chtL4siFYCrSPxw43fqc4z Oo3N+Il220oK2Cp+NZw9Kuvg8iu2Ua3zfbUnZWvWK4aEeooliRd7SXIhKpXkgkwn AB3DGAQ6+/7UVXf9xOeupr1DqtNwKt/NngC7ZIZyNRPx1HWKleP13UXCD8macUEb bcBhthrnETKoCg8wOwIDAQAB

Please note the following about the DKIM public key:

  • The TXT value consists of a single line of text.
  • The DKIM public key is the same for all domains on a single server (in a single Kerio Connect).
  • The DKIM public key in Kerio Connect is 2048-bit. Some providers may restrict the length of the key (the TXT value).

Note: If a domain includes aliases, add DNS record for DKIM to all aliases.

Back to Top

 

Obtaining DKIM Public Key in Kerio Connect

  1. In the administration interface, go to the section Configuration > Domains.
  2. Double-click your domain and go to the General tab.
  3. Click the Show public key button. This opens a dialog with your domain public key.
  4. Copy the text to create your DNS DKIM record. Make sure that the record contains the whole text.

    connect-dkim1.png

Back to Top

 

Creating a Short DKIM Public Key

Note: Kerio Connect includes a 2048-bit DKIM public key. If the public key is too long (some providers may restrict the length of the TXT value), you can use an online DKIM key creator to create a 1024-bit key. 

Follow these steps to generate a short DKIM key using the DKIM wizard:

  1. Go to the DKIM wizard page.
  2. Enter your Domain name and DomainKey Selector (use mail).
  3. Select 1024 key size.
  4. Click Generate.

    connect-dkim2.png
     
  5. Confirmation: The page displays your public and private keys. You may now add the new private key to Kerio Connect.

    connect-dkim3.png

Back to Top

 

Adding a New Private Key to Kerio Connect

  1. Stop the Kerio Connect server.
  2. Go to Kerio Connect installation directory folder: sslcert/dkim
  3. Copy the generated private key to the private.key file.

    Note: It is recommended that you always back up the original private key.

  4. Start the Kerio Connect server.

Kerio Connect will now show the shorter public key in the domain's configuration. You can now create the DNS DKIM record with the new public key.

Note: If you use distributed domains, make sure the new private key is available on all servers.

 

BIND DNS Server

If you use a BIND DNS server, you can split the original Kerio Connect DKIM public key (TXT value) by using the following format: TXT ("part 1" "part 2" ... "part x")

Consider this example:

TXT ("v=DKIM1;" "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfl0chtL4siFYCrSPxw43fqc4z" "Oo3N+Il220oK2Cp+NZw9Kuvg8iu2Ua3zfbUnZWvWK4aEeooliRd7SXIhKpXkgkwn" "AB3DGAQ6+/7UVXf9xOeupr1DqtNwKt/NngC7ZIZyNRPx1HWKleP13UXCD8macUEb" "bcBhthrnETKoCg8wOwIDAQAB")

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted
  3. Updated

Comments