Overview
- You are seeing an error “Untrusted certificate unable to get local issuer certificate.” You purchased an SSL certificate that contains a Root CA certificate, two intermediate CA certificates, and a PositiveSSL Wildcard certificate.
- You are having problems getting the SSL certificate to appear as trusted. You have tried to troubleshoot by restarting the server, FTP the bundle certificates to opt/kerio/mailserver/sslaca directly, but the problem is unresolved.
- You are using the latest version of Kerio Connect: 9.3.1 patch 1 (5492)
Solution
- Check to ensure you are not using bundled CA certificates (stitched in the same CRT file).
- If you are using bundled CA certificates follow these steps:
- Clear any bundled CA certificates from /opt/kerio/mailserver/sslca directory as it should only contain Intermediate certificates.
- Create individual CRT files for each Intermediate certificate.
- Follow the process in Installing Intermediate SSL certificates.
- Restart Kerio Connect.
- Manually add a trusted Root certificate by following the process in the article Adding Trusted Root Certificates to the Server. Follow the instructions relevant to your operating system.
Testing
Check to see if the error continues.
Other steps to follow if the error persists:
- Contact the certification authority and ask for a fresh file to upload
- Create a Manual Support Information File by following the steps in the article and submit a request to KerioConnect Support