Overview
Some Certification Authorities, such as DigiCert, may generate a .pfx file containing a private SSL certificate key. In such scenarios, you need to convert the file to a suitable format (.crt) and install it through the Kerio Connect administration.
Prerequisites
OpenSSL package installed
Solution
- After the installation is complete, navigate to the directory where your .pfx certificate is located in the Command Prompt and launch openssl:
"C:\Program Files\OpenSSL-Win64\bin\openssl.exe"
(default Windows location of the binary, if you customized the installation it might differ).- For Linux/Mac installations, open Terminal and type
openssl
- On the OpenSSL prompt, type the following:
pkcs12 -in "<certificate_name>.pfx" -nocerts -out private.key -nodes
- Enter the certificate password and press Enter.
- The file
private.key
will be generated in the same directory as the certificate. - You may also export the certificate as a .crt file if needed:
pkcs12 -in "<certificate_name>.pfx" -nokeys -out certificate.crt
- Login to Kerio Connect Administration and navigate to Configuration -> SSL certificates -> click Import button. Depending on the SSL request procedure, choose Import Signed certificate from CA or Import a new certificate option. For more information, please refer to Configuring SSL certificates in Kerio Connect.