Configuring SSL Certificates in Kerio Control

Overview

You need an SSL certificate to use encrypted communication (VPN, HTTPS, etc.). SSL certificates are used to authenticate the identity of a server. To generate SSL certificates, Kerio Control uses its own local authority. Kerio Control creates the first certificate during installation, and the server can use this certificate.

To avoid users seeing a confirmation message that suggests the site is not secure, you must generate a new certificate request in Kerio Control and send it to a certification authority for authentication.

Prerequisites

Kerio Control supports certificates in the following formats:

  • Certificate (public key) — X.509 Base64 in text format (PEM). The file has the extension .crt.
  • Private key — The file is in RSA format and has the .key extension, with a maximum size of 4 KB. A passphrase is supported.
  • Certificate + private key in one file — The format is PKCS#12. The file has the extension .pfx or .p12.

Solution

Creating a new Local Authority

A Local Authority certificate is generated automatically during the Kerio Control installation. However, the hostname and other data are incorrect, so you need to generate a new certificate for the Local Authority.

  1. Go to Definitions > SSL Certificates.
  2. Click Add > New Certificate for Local Authority.
  3. In the New Certificate for Local Authority dialog box, type the Kerio Control hostname, the official name of your company, the city, and country of your company, and the period for which the certificate should be valid.

The new Local Authority will be available and visible in Definitions > SSL Certificates. The old one is:

  • Changed from Local Authority to Authority
  • Renamed to Obsolete Local Authority
  • Available as a trusted authority for IPsec

If you need to know how to export the local authority and import it as a root certificate to a browser, read the Exporting and importing Kerio Control local authority as root certificate article.

Creating a certificate signed by Local Authority

Create a new certificate if the old one is not valid anymore.

  1. Go to Definitions > SSL Certificates.
  2. Click Add > New Certificate.
  3. In the New Certificate dialog box, type the hostname of Kerio Control, the official name of your company, city, and country where your company resides and the period of validity. The Hostname is a required field.
  4. Save the settings.

Now you can use this certificate. You have to select it in the settings of each service that uses it. For example, you select the SSL certificate for the VPN server in Interfaces > VPN Server.

Creating a certificate signed by a Certification Authority

  1. Go to Definitions > SSL Certificates.
  2. Click Add > New Certificate Request.
  3. In the New Certificate Request dialog box, type the hostname of Kerio Control, the official name of your company, city, and country where your company resides and the period of validity. The Hostname is a required field.
  4. Select the certificate request and click More Actions > Export > Export request in PEM.
  5. Save the certificate to your disk and email it to a certification organization, for example, Verisign, Thawte, SecureSign, SecureNet, Microsoft Authenticode, and so on.
  6. Once you obtain your certificate signed by a certification authority, go to Definitions > SSL Certificates.
  7. Select the original certificate request. The certificate request and the signed certificate must match.
  8. Click More Actions > Import > Import Signed Certificate from CA.

The certificate replaces the certificate request.
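Step 7 requires that the signed certificate match the original request. The following added example (not part of the Kerio documentation) shows one way to confirm this with the OpenSSL command line before importing, by comparing the public key in the exported request with the one in the certificate returned by the CA. The function names, file names and the constructed sample material are assumptions for illustration.

```shell
#!/bin/sh
# Added example: pre-import check that a CA-signed certificate belongs to the
# certificate request exported from Kerio Control (Export request in PEM).
# Exit codes: 0 = match, 1 = key mismatch, 2 = unreadable input, 3 = expired.

check_signed_cert() {  # $1 = exported request (PEM), $2 = signed certificate (PEM)
    # Extract the public key from each file; an unparsable file is an error,
    # never a silent "match".
    csr_key=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 2
    crt_key=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$csr_key" ] || return 2

    if [ "$csr_key" != "$crt_key" ]; then
        echo "MISMATCH: certificate was not issued for this request" >&2
        return 1
    fi
    # -checkend 0 fails when the certificate is already past its notAfter date.
    if ! openssl x509 -in "$2" -noout -checkend 0 >/dev/null 2>&1; then
        echo "EXPIRED: certificate is past its notAfter date" >&2
        return 3
    fi
    echo "OK: public keys match; $(openssl x509 -in "$2" -noout -subject)"
}

# Constructed sample material for trying the check offline: a throwaway key,
# a request, and a self-signed certificate standing in for the CA's reply.
make_sample() {  # $1 = output directory, $2 = base name
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2.example.test" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -signkey "$1/$2.key" -days 1 \
        -out "$1/$2.crt" 2>/dev/null
}

# Usage: sh check_cert.sh request.pem signed.crt
if [ "$#" -eq 2 ]; then
    check_signed_cert "$1" "$2"
fi
```

A mismatch usually means the CA reply belongs to a different request, for example one generated before the request in Kerio Control was recreated.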

Importing intermediate certificates

Kerio Control allows authentication by intermediate certificates.

To add an intermediate certificate to Kerio Control, follow these steps:

  1. In the administration interface, go to Configuration > SSL Certificates.
  2. Import certificates by clicking Import > Import Certificate of an Authority.
  3. Save the settings.

Note: If you have multiple intermediate certificates, add them all in the same way.

Changing SSL certificates

If your certificate is expiring and you need to import a new one, you must also select the new certificate in all Kerio Control services where the expiring certificate is used. For more information, refer to Changing SSL certificates in Kerio Control.

Priyanka Bhotika
Posted 7 days ago
Updated 6 days ago