Overview
At times, administrators may have issues renewing the SSL certificate using a new CRT file provided by the Certification Authority (CA). This article shares the process of re-issuing the SSL certificate to fix this issue.
Note: Kerio Connect server certificate type is Apache based.
Solution
Follow these steps for re-issuing SSL certificates:
- Generate a New Certificate Request
- Import the Renewed Certificate in Kerio Connect
- Install Intermediate Certificates (If Applicable)
- Examine the Installed Certificates (Confirmation)
Refer to the sections below for instructions about each step.
Generate a New Certificate Request
Follow these steps to generate a new certificate request and send it to a Certification Authority:
- Open the Kerio Connect administration console.
- Navigate to Configuration > SSL Certificates.
- Click New > New Certificate Request.
- Enter the required details and click OK.
Note: You can review the details of the old certificate to fill in the New Certificate Request form.
- Select the certificate request you have created.
- Click Export > Export Request.
- Save the certificate on your computer and send it to a Certification Authority (e.g., Verisign, Thawte, SecureSign, Microsoft Authenticode, etc.) for validation.
- Open the certificate request to re-issue the certificate with your vendor.
- Choose the certificate request and click Show Details.
- From the Source tab, copy the Certificate Request text to your CA's web form.
- When prompted to select the certificate type, choose Apache Server.
Note: If your Certification Authority does not have this type, you can choose the Other option.
- Choose the certificate request and click Show Details.
Import the Renewed Certificate in Kerio Connect
Follow these steps to import the SSL Certificate (CRT file) you have received from the Certification Authority:
- In the SSL Certificates section, click on the Request you created earlier.
- Click Import > Import Signed Certificate from CA.
NOTE: The Import Signed Certificate from CA option will not be available (grayed out) if the Generate a New Certificate Request steps were not followed. This option is only available against Certificate requests, and will be grayed out on actual certificates.
- Select the server SSL Certificate (CRT file) you received from the Certification Authority.
- Click Import.
- In the SSL Certificates section, select the new certificate.
- Click Set as Default (in the lower right corner).
- In Status > System Health, click Tasks > Restart Kerio Connect.
Install Intermediate Certificates (If Applicable)
If your Certification Authority provides additional files with a .crt extension, also known as intermediate certificates, you can install these certificates in Kerio Connect separately.
Testing
Examine the Installed SSL Certificates to check if the certificates were installed correctly:
- In a web browser, enter and run the URL for your domain:
https://mail.[your domain].com/webmail/login
- If you receive any warning messages regarding the installed certificates, it means that they were not installed correctly. If the process was successful, you will see the certificate shown as valid and the connection will be secured.