Overview
This article provides a Linux script to find the issuer URI for all S/MIME certificates found recursively in the given folder. The following errors may show up in the Warning log:
[06/Aug/2019 08:21:41] S/MIME: Issuer (CN=winonant) was not downloaded. Content of URI http://winonant.domain.com/CertEnroll/winonant.domain.com_winonant.crt isn't valid certificate.
[06/Aug/2019 08:21:43] S/MIME: Issuer (CN=winonant) was not downloaded. Content of URI http://winonant.domain.com/CertEnroll/winonant.domain.com_winonant.crt isn't valid certificate.
Environment
Kerio Connect installed on Linux (deb, rpm) or macOS.
Root Cause
Certificate files are contained in special Connect folders and personal certificate stores inside the message store. Therefore, the message store and the folders dbSSL, sslca, and sslcert need to be scanned for all certificate files (.pem, .crt, .p7b, .p7s, .der, .cer, .pfx, .p12) and then checked against issuer conditions. If a found certificate is not used, it can be deleted.
Process
- Download the dump_certs_http.sh file (attached) and place it in the Kerio Store folder. Defaults are:
  - Linux: /opt/kerio/mailserver/store
  - macOS: /usr/local/kerio/mailserver/store
- Make the file executable:
  chmod +x dump_certs_http.sh
- Execute the script and allow it some time to go through the whole directory structure:
  ./dump_certs_http.sh
- Delete all the unnecessary S/MIME files identified by the script.
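
The attached script is not reproduced in this article. The following is an added example (not the attached dump_certs_http.sh and not Kerio's code) of the scan described under Root Cause: it walks a folder, reads each certificate file, and prints the CA Issuers URI from its Authority Information Access extension next to the file path. It assumes the `openssl` CLI is installed; the function names and the script name in the comment are hypothetical.

```shell
#!/bin/sh
# Added example: list the "CA Issuers" URI of every certificate under a folder.
# Assumes the openssl CLI is on PATH; function names are hypothetical.

# Read `openssl ... -text` output on stdin and print each CA Issuers URI
# found in the Authority Information Access extension.
extract_issuer_uris() {
    sed -n 's/^[[:space:]]*CA Issuers - URI:\(.*\)$/\1/p'
}

# Dump a certificate file as text, trying PEM X.509, DER X.509, then
# PEM and DER PKCS#7 (.p7b/.p7s bundles may hold several certificates).
cert_text() {
    openssl x509 -in "$1" -noout -text 2>/dev/null ||
    openssl x509 -in "$1" -inform DER -noout -text 2>/dev/null ||
    openssl pkcs7 -in "$1" -print_certs -text -noout 2>/dev/null ||
    openssl pkcs7 -in "$1" -inform DER -print_certs -text -noout 2>/dev/null
}

# Walk the folder and print "<issuer URI><TAB><file>" for each match.
# .pfx/.p12 are not opened because they need a password.
# File names containing newlines are not supported.
scan_store() (
    find "$1" -type f \( -iname '*.pem' -o -iname '*.crt' -o -iname '*.p7b' \
        -o -iname '*.p7s' -o -iname '*.der' -o -iname '*.cer' \) -print |
    while IFS= read -r f; do
        cert_text "$f" | extract_issuer_uris | sort -u |
        while IFS= read -r uri; do
            printf '%s\t%s\n' "$uri" "$f"
        done
    done
)

# Run only when a folder is given, e.g.:
#   ./list_issuer_uris.sh /opt/kerio/mailserver/store
if [ "$#" -gt 0 ]; then
    scan_store "$1"
fi
```

To find the files behind the warning shown in the Overview, filter the output for the URI from the log line, for example with `grep -F 'winonant.domain.com'`.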
Related Articles
Importing Personal Certificates to Kerio Connect Client