When generating a certificate request, some key generation applications create a passphrase associated with the key file. When importing this key file into Kerio MailServer, it appears successful, however, after restarting Kerio MailServer all secured services are disabled.
You may find the following event in the error log:
socklib.cpp: Cannot load SSL private key file /usr/local/kerio/mailserver/sslcert/server.key: error:0906406D:PEM routines:PEM_def_callback:problems getting password
Kerio MailServer does not support password protected keys, however, you can use an external utility to convert the key file so that it does not require a passphrase. On Linux/OSX, you can run the following command on the key file:
openssl rsa -in server.key -out server.key
On Windows, you can use the
sslkeygen utility with the same command.
The private key is located in the following location:
Mac OS X
You may find multiple private key files located in this directory, (e.g. server.key, server1.key, server2.key). You can identify the correct key file by matching the file name to the active certificate name specified under the 'SSL Certificates' dialog in the Kerio MailServer administration console.