Overview

Kerio Control requires a valid SSL certificate to verify the Kerio Control VPN Client when establishing the connection to Kerio Control. If an SSL certificate warning appears, the certificate is probably self-signed and you must insert the Kerio Control certificate in the system keychain manually.

A self-signed certificate is a certificate that your administrator generated for you in Kerio Control. The certificate is not signed by any certification authority.

Solution

Automatic Process

1. Once the Verification window pops-up, click on Show Certificate.
   
2. Enable "Always trust <certificate> when connecting to <server_name>".
   
3. Enter the user password to confirm the action.
   

Manual Process

1. In the Verify Certificate window warning, click the certificate image and drag it to the desktop. This creates a file with the certificate on the desktop (for example server.example.com.cer).
2. Run the Keychain Access application. The Add Certificates dialog box displays.

1. Select the X509Anchors keychain. To add a certificate, you need to be logged in as an administrator.
2. In the Keychain Access application, select the X509Anchors keychain, look up the new certificate (for example, server.example.com) and click to open it.
3. In the certificate window, scroll to the bottom.
4. Open the Trust Settings section.
5. Set the Always Trust option for the When using this certificate entry.
   
6. Close all running applications and log out of the system.
7. Reboot the system and establish a VPN connection to Kerio Control.

Confirmation

From now on, Verify Certificate warning should not display.