Best-practices for securing Kerio Connect, SSL certificate queries
Overview When Two-Factor Authentication (2FA) is enabled in Kerio Connect (version 9.4 and later), administrators and developers may attempt to use an application password to authenticate against the ...
Overview Starting in early 2025, Spamhaus began enforcing their fair-use policy by blocking DNS-based blacklist (DNSBL) queries originating from certain hosting providers, including Hetzner. Servers h...
Summary In January 2026, Let's Encrypt introduced a new short-lived 6-day certificate profile (shortlived). Kerio Connect's built-in Let's Encrypt integration, available since version 9.4, was designe...
Overview Some Kerio Connect users may become unexpectedly disabled after multiple failed two-factor authentication (2FA) attempts. This is due to a built-in security feature, though the log message ma...
Overview During a security audit of a Kerio Connect server, you may encounter a warning for “Secure Client Renegotiation.” This warning indicates that your server may permit TLS renegotiation, which c...
Overview Users may encounter an SSL certificate error where the certificate is incorrectly reported as expired. This issue can occur if outdated SSL certificates are present or if a firewall is inject...
Overview Having enabled two-factor authentication (2FA) in Kerio Connect, you would like to see which users have 2FA configured. Solution Starting with Kerio Connect Version 10.0.1, you can check whic...
Overview This article provides clarification on forced TLS encryption for outbound emails. Also, it provides a list of different DLP (Data Loss Prevention) software that can be used to protect the Ker...
Overview While renewing the SSL certificate, the new certificate is being marked as Untrusted with Unable to get certificate CRL warning. The Kerio Connect Configuration -> SSL certificates UI is show...
Overview The customer sees both IMAP and IMAP Secure protocols using Secure connection. The following is displayed under the Kerio Connect Administration > Status > Active Connections: You may receiv...