Overview

Some Certification Authorities, such as DigiCert, may generate a .pfx file containing a private SSL certificate key. In such scenarios, you need to convert the file to a suitable format (.crt) and install it through the Kerio Connect administration.

Prerequisites

OpenSSL package installed

Solution

1. After the installation is complete, navigate to the directory where your .pfx certificate is located in the Command Prompt and launch openssl:
   1. "C:\Program Files\OpenSSL-Win64\bin\openssl.exe" (default Windows location of the binary, if you customized the installation it might differ).
   2. For Linux/Mac installations, open Terminal and type openssl
2. On the OpenSSL prompt, type the following:
   

   pkcs12 -in "<certificate_name>.pfx" -nocerts -out private.key -nodes

3. Enter the certificate password and press Enter.
4. The file private.key will be generated in the same directory as the certificate.
5. You may also export the  certificate as a .crt file if needed:
   

   pkcs12 -in "<certificate_name>.pfx" -nokeys -out certificate.crt

6. Login to Kerio Connect Administration and navigate to Configuration -> SSL certificates -> click Import button. Depending on the SSL request procedure, choose Import Signed certificate from CA or Import a new certificate option. For more information, please refer to Configuring SSL certificates in Kerio Connect.