Overview
Sometimes the MyKerio connection cannot be established, so managing a Kerio Connect appliance from a remote address is not possible. If you check the debug logs with MyKerio logging enabled, you will find entries such as:
The certificate '*.kerio.com' was not validated.
Failed to verify SSL certificate: (19) self signed certificate in certificate chain.
This article describes the process of resolving this issue.
Prerequisites
- Kerio Connect installed on Linux, such as CentOS, Ubuntu, or Debian.
- SSH access to the Linux server.
Diagnosis
- The standard certificate packages on CentOS/Debian are not up-to-date.
- The SSL certificate is not being updated automatically.
Solution
Important: for CentOS SSL issues with Kerio Connect 9.3.0 and up, the workaround is to execute the following command:
    mv /etc/pki/tls/certs/ca-bundle.trust.crt /etc/pki/tls/certs/ca-bundle.trust.crt.bak
- Log in to the server as the root user.
- Upgrade the currently installed system packages on your Linux server.
  - Debian:
        apt-get upgrade
  - RPM:
        yum upgrade
- Install gnupg2-smime (optional).
- Restart the machine.
- (Optional) If the Kleopatra tool is installed on CentOS:
  - Open the terminal and run Kleopatra.
  - Navigate to Settings > Configure Kleopatra > GnuPg System > gpg agent.
  - Select the option: Allow clients to mark key as trusted.
- Run the following command:
        curl http://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt
  Note: For Debian-based servers, the certificates should be added to the /etc/ssl/localcerts folder.
- Add the trusted root certificate to the server:
        update-ca-trust enable
        update-ca-trust extract
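
The curl step above fetches the bundle over plain HTTP and writes it straight into the system trust store, so it is worth checking the file before it goes live. The following is an added example, not part of the original article or any Kerio tooling: `install_ca_bundle` is a hypothetical helper that assumes the bundle was first downloaded to a temporary path and that the expected SHA-256 digest was obtained separately over a trusted channel.

```shell
#!/bin/sh
# Added example: install a downloaded CA bundle only after verifying it.
# install_ca_bundle is a hypothetical helper, not a Kerio or distro tool.
# Usage: install_ca_bundle SRC EXPECTED_SHA256 DEST
#   SRC              bundle downloaded to a temporary path (not the live file)
#   EXPECTED_SHA256  digest obtained separately over a trusted channel
#   DEST             live bundle, e.g. /etc/pki/tls/certs/ca-bundle.crt
# Returns 0 on install, 1 bad input or copy failure,
#         2 digest mismatch, 3 not a complete PEM bundle.
install_ca_bundle() {
    src=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    dest=$3

    [ -s "$src" ] || { echo "missing or empty file: $src" >&2; return 1; }

    # 1. The bytes must match the digest obtained out of band.
    actual=$(sha256sum < "$src" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch: got $actual" >&2
        return 2
    fi

    # 2. Reject error pages and truncated downloads: every certificate
    #    block must be both opened and closed.
    begins=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$src" || true)
    ends=$(grep -c -e '-----END CERTIFICATE-----' "$src" || true)
    if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ]; then
        echo "not a complete PEM bundle ($begins BEGIN / $ends END)" >&2
        return 3
    fi

    # 3. Keep the previous bundle, then swap the new one in atomically.
    if [ -e "$dest" ]; then
        cp -p "$dest" "$dest.bak" || return 1
    fi
    cp "$src" "$dest.new" && mv -f "$dest.new" "$dest" || return 1
    echo "installed $begins certificates into $dest"
}

# Run the script with three arguments to use it from the command line.
if [ "$#" -eq 3 ]; then
    install_ca_bundle "$@"
fi
```

If the function returns non-zero, the live bundle is left untouched; after a successful install the previous bundle remains available as `ca-bundle.crt.bak`.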
Confirmation
The MyKerio connection displays Ready.