メインコンテンツまでスキップ

How do I setup an Entrust SSL certificate on Kerio Mail Server?

User-added image
User-added image For Kerio MailServer

Before you Begin

Testing for this guide was performed on a MAC OS X Tiger Server.
Please note: Kerio MailServer does not support server-side intermediate certificates. Entrust does NOT use intermediate certificates for standard or advantage type certificates.

This process is in three parts:
1) Keypair and CSR generation
2) Server Certificate Installation
3) Enabling SSL

Part 1 of 3: Keypair and CSR generation

1. From the Administration Console, locate the Configuration/SSL Certificates dialog.

Select New -> Certificate Request .

2. Supply all information. Note: The 'Hostname' (external DNS of the site) MUST resolve to the IP address of your Kerio MailServer in order for the certificate to work.

3. View the request file by selecting the request, and Show -> request. The request information will appear in a separate window.

Part 2 of 3: Server Certificate Installation

Once you have received the certificate in X.509 base-64 encoded format, this exact information must be saved as *.crt to some location on the local hard drive.

1. Locate the /sslcert directory.

OSX: /usr/local/kerio/mailserver

Windows: C:/program files/kerio/mailserver

Red Hat: /opt/kerio/mailserver

2. Locate the *.csr file. This is the request file, it should be named something like server1.csr .

3. Copy the signed certificate into this directory using the same name as the request file, but with the .crt extension. For example server1.crt .

At this point, you should have three files: the request ( *.csr ), the private key ( *.key ), and the certificate ( *.crt ). All files should have the same name, for example server1.csr , server1.key and server1.crt .

Part 3 of 3: Enabling SSL

1. Restart Kerio MailServer and reconnect to the administration console.

2. In Configuration/SSL Certificates, select the new certificate and choose the 'set as active' button in the bottom right corner.

3. Restart the Kerio MailServer service to activate the new signed certificate.

Disaster Recovery

Once you have completed this procedure, create a backup copy of the sslcert directory and save it to external media.  If you loose the private key, it will be necessary to generate a new request and repeat this process.

If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance:

Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: Smart Phone users may use the 1-800 numbers shown in the table below.
Otherwise, it is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.

Number
オーストラリア 0011 - 800-3687-7863
1-800-767-513
オーストリア 00 - 800-3687-7863
ベルギー 00 - 800-3687-7863
デンマーク 00 - 800-3687-7863
フィンランド 990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet)
フランス 00 - 800-3687-7863
ドイツ 00 - 800-3687-7863
香港 001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax)
アイルランド 00 - 800-3687-7863
イスラエル 014 - 800-3687-7863
イタリア 00 - 800-3687-7863
日本 001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
韓国 001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom)
マレーシア 00 - 800-3687-7863
オランダ 00 - 800-3687-7863
ニュージーランド 00 - 800-3687-7863
0800-4413101
ノルウェー 00 - 800-3687-7863
シンガポール 001 - 800-3687-7863
スペイン 00 - 800-3687-7863
スウェーデン 00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2)
スイス 00 - 800-3687-7863
台湾 00 - 800-3687-7863
英国 00 - 800-3687-7863
0800 121 6078
+44 (0) 118 953 3088