Sometimes, the MyKerio connection cannot be established, as a result managing a Kerio Connect appliance from a remote address is not possible. If you check the debug logs, with MyKerio logging enabled, you will find entries such as:
The certificate '*.kerio.com' was not validated.
Failed to verify SSL certificate: (19) self signed certificate in certificate chain.
This article describes the process of resolving this issue.
Linux Kerio Connect installations such as CentOS, Ubuntu, Debian.
SSH access to the Linux server
- The standard certificate packages on CentOS/Debian are not up-to-date.
- SSL certificate is not being updated automatically.
Important: for CentOS SSL issues with Kerio Connect 9.3.0 and up, the workaround is to execute the following command.
mv /etc/pki/tls/certs/ca-bundle.trust.crt /etc/pki/tls/certs/ca-bundle.trust.crt.bak
Login as root user to the server.
Upgrade currently installed system packages in your Linux server.
Restart the machine.
(Optional) If the Kleopatra tool is installed on CentOS:
- Open the terminal and run Kleopatra.
- Navigate to Settings > Configure Kleopatra > GnuPg System > gpg agent.
- Select the option: Allow clients to mark key as trusted.
Run the following command:
curl http://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt
Note: For Debian-based servers, the certificates should be added to the
Add the trusted root certificate to the server:
The MyKerio connection displays Ready.