Configuring SSL certificates in Kerio Connect
Article Number: 1132 | Last Updated: Thu, Jul 14, 2016 1:56 PM
To secure Kerio Connect by SSL/TLS encryption, you need a SSL certificate. SSL certificates authenticate an identity on a server.
Kerio Connect creates the first self-signed certificate during the installation. Upon the first login, users must confirm to go to a page which is not trustworthy. To avoid this, generate a new certificate request in Kerio Connect and send it to a certification authority for authentication.
You can have one or more certificates for each domain configured in Kerio Connect.
If you want to use an existing SSL certificate from another service, export the existing SSL certificate and the public key in the PEM format and import them to Kerio Connect.
Manage certificates in the Configuration → SSL Certificates section .
To make the communication as secure as possible, you can:
Kerio Connect supports certificates in the following formats:
New in Kerio Connect 9.0.2!
Since Kerio Connect 9.0.2, you can import certificates for different domains to Kerio Connect. Kerio Connect then selects and uses the appropriate certificate.
If multiple certificates exist for a single domain, Kerio Connect selects a certificate according to the following order:
If a certificate expires and you have already imported a new valid certificate to Kerio Connect for the same domain, delete the old certificate or restart the server to use the new valid certificate.
Creating self-signed certificates
To create a self-signed certificate, follow these steps:
To enable the server to use this certificate, select the certificate and click on the Set as Default button (Set as Active in older versions).
Creating certificates signed by certification authority
To use a certificate signed by a trustworthy certification authority, you must first generate a certificate request, send it to a certification authority and import a signed certificate upon receiving it.
Once you obtain your certificate signed by a certification authority:, and click on Import → Import Signed Certificate from CA.
Kerio Connect allows authentication by intermediate certificates. To make authentication by these certificates work, follow these steps to add the certificates to Kerio Connect:
If you have multiple intermediate certificates, add them one by one to the server certificate file.