About SSL certificates
You need a SSL certificate if you wish to secure Kerio Connect by SSL/TLS encryption. SSL certificates are used to authenticate an identity on a server.
Kerio Connect creates the first self-signed certificate during the installation. Upon their first login, users will have to confirm they want to go to a page which is not trustworthy. To avoid this, generate a new certificate request in Kerio Connect and send it to a certification authority for authentication.
To make the communication as secure as possible, you can:
- disable all unsecured services or
- set an appropriate security policy
Kerio Connect supports certificates in the following formats:
- Certificate (public key) — X.509 Base64 in text format (PEM). The file has suffix .crt.
- Private key — the file is in RSA format and it has suffix .key with 4KB max.
Creating self-signed certificates
- Go to sectionConfiguration → SSL Certificates
- Click on New → New Certificate
Fill in the information and save.
To enable the server to use this certificate, select the certificate and click on the Set as Active button
Creating certificates signed by certification authority
- Open section Configuration → SSL Certificates and click on New → New Certificate Request.
- Fill in the information and save.
- Select the certificate and click on the Export → Export Request button.
- Save the certificate to your disk and send it to a certification authority.
- Once you obtain your certificate signed by a certification authority:, and click on Import → Import Signed Certificate from CA
- Go to section Configuration → SSL Certificates
- Click on Import → Import Signed Certificate from CA
- To enable the server to use this certificate, select the certificate and click on the Set as Active button.
Kerio Connect allows authentication by intermediate certificates. To make authentication by these certificates work, follow these steps to add the certificates to Kerio Connect:
1. In a text editor, open the server certificate and the intermediate certificate.
2. Copy the intermediate certificate below the server certificate into the server certificate file (*.crt) and save.
The file may look like this:
..... this is a server SSL certificate ...
..... this is an intermediate SSL certificate which
signed the server certificate...
3. In the administration interface, go to section Configuration → SSL Certificates.
4. Import the modified server certificate by clicking on Import → Import New Certificate.
5. Save the settings.
If you have multiple intermediate certificates, add them one by one to the server certificate file.