Kerio Control requires a valid SSL certificate to verify the Kerio Control VPN Client when establishing the connection to Kerio Control. If an SSL certificate warning appears, the certificate is probably self-signed and you must insert the Kerio Control certificate in the system keychain manually.
A self-signed certificate is a certificate that your administrator generated for you in Kerio Control. The certificate is not signed by any certification authority.
- Once the Verification window pops-up, click on Show Certificate.
- Enable "Always trust <certificate> when connecting to <server_name>".
- Enter the user password to confirm the action.
Warning: The Keychain Access application must not be running at this point. If it is running, close it.
- In the Verify Certificate window warning, click the certificate image and drag it to the desktop. This creates a file with the certificate on the desktop (for example
- Run the Keychain Access application. The Add Certificates dialog box displays.
- Select the X509Anchors keychain. To add a certificate, you need to be logged in as an administrator.
- In the Keychain Access application, select the X509Anchors keychain, look up the new certificate (for example,
server.example.com) and click to open it.
- In the certificate window, scroll to the bottom.
- Open the Trust Settings section.
- Set the Always Trust option for the When using this certificate entry.
- Close all running applications and log out of the system.
- Reboot the system and establish a VPN connection to Kerio Control.
From now on, Verify Certificate warning should not display.