Configuring SSL certificates in Kerio Control
Article Number: 1293 | Last Updated: Thu, Dec 15, 2016 12:48 PM
SSL certificates overview
You need an SSL certificate to use encrypted communication (VPN, HTTPS etc.). SSL certificates are used to authenticate an identity on a server.
For generating SSL certificates, Kerio Control uses its own local authority. Kerio Control creates the first certificate during installation. The server can use this certificate.
However, to avoid users seeing a confirmation message that suggests the site is not secure, you must generate a new certificate request in Kerio Control and send it to a certification authority for authentication.
Kerio Control supports certificates in the following formats:
Creating a new Local Authority
Local Authority is generated automatically during Kerio Control installation. However, the hostname and other data are incorrect, so you need to generate a new certificate for the Local Authority.
To create and use a certificate for the Local Authority:
The new Local Authority will be available and visible in Definitions → SSL Certificates. The old one is:
If you need to know how to export the local authority and import it as root certificate to a browser, read the Exporting and importing Kerio Control local authority as root certificate article.
Creating a certificate signed by Local Authority
Create a new certificate if the old one is not valid anymore.
To create a certificate, follow these instructions:
Now you can use this certificate. Using the certificate means that you have to select it in the specific settings (for example SSL certificate for VPN server you have to select in Interfaces → VPN Server).
Creating a certificate signed by a Certification Authority
To create and use a certificate signed by a trustworthy certification authority, follow these instructions:
The certificate replaces the certificate request. You can use this certificate. Using the certificate means that you have to select it in the specific settings (for example SSL certificate for VPN server you have to select in Interfaces → VPN Server).
Importing intermediate certificates
Kerio Control allows authentication by intermediate certificates.
To add an intermediate certificate to Kerio Control, follow these steps:
If you have multiple intermediate certificates, add them all in the same way.
Changing SSL certificates
If your certificate is expiring and you need to import a new one, you must also select the certificate in all Kerio Control services where the expiring certificate is used. For details, see Changing SSL certificates in Kerio Control.