For Kerio MailServer
Before you Begin
Testing for this guide was performed on a MAC OS X Tiger Server.
Please note: Kerio MailServer does not support server-side intermediate certificates. Entrust does NOT use intermediate certificates for standard or advantage type certificates.
This process is in three parts:
1) Keypair and CSR generation
2) Server Certificate Installation
3) Enabling SSL
Part 1 of 3: Keypair and CSR generation
1. From the Administration Console, locate the Configuration/SSL Certificates dialog.
Select New -> Certificate Request .
2. Supply all information. Note: The 'Hostname' (external DNS of the site) MUST resolve to the IP address of your Kerio MailServer in order for the certificate to work.
3. View the request file by selecting the request, and Show -> request. The request information will appear in a separate window.
Part 2 of 3: Server Certificate Installation
Once you have received the certificate in X.509 base-64 encoded format, this exact information must be saved as *.crt to some location on the local hard drive.
1. Locate the /sslcert directory.
OSX: /usr/local/kerio/mailserver
Windows: C:/program files/kerio/mailserver
Red Hat: /opt/kerio/mailserver
2. Locate the *.csr file. This is the request file, it should be named something like server1.csr .
3. Copy the signed certificate into this directory using the same name as the request file, but with the .crt extension. For example server1.crt .
At this point, you should have three files: the request ( *.csr ), the private key ( *.key ), and the certificate ( *.crt ). All files should have the same name, for example server1.csr , server1.key and server1.crt .
1. Restart Kerio MailServer and reconnect to the administration console.
2. In Configuration/SSL Certificates, select the new certificate and choose the 'set as active' button in the bottom right corner.
3. Restart the Kerio MailServer service to activate the new signed certificate.
Disaster Recovery
Once you have completed this procedure, create a backup copy of the sslcert directory and save it to external media. If you loose the private key, it will be necessary to generate a new request and repeat this process.
If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance:
Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: Smart Phone users may use the 1-800 numbers shown in the table below.
Otherwise, it is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.
Country | Number |
Australia |
0011 - 800-3687-7863
1-800-767-513 |
Austria | 00 - 800-3687-7863 |
Belgium | 00 - 800-3687-7863 |
Denmark | 00 - 800-3687-7863 |
Finland |
990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet) |
France | 00 - 800-3687-7863 |
Germany | 00 - 800-3687-7863 |
Hong Kong |
001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax) |
Ireland | 00 - 800-3687-7863 |
Israel | 014 - 800-3687-7863 |
Italy | 00 - 800-3687-7863 |
Japan |
001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ) 0061 - 800-3687-7863 (IDC) |
Korea |
001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom) |
Malaysia | 00 - 800-3687-7863 |
Netherlands | 00 - 800-3687-7863 |
New Zealand |
00 - 800-3687-7863
0800-4413101 |
Norway | 00 - 800-3687-7863 |
Singapore | 001 - 800-3687-7863 |
Spain | 00 - 800-3687-7863 |
Sweden |
00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2) |
Switzerland | 00 - 800-3687-7863 |
Taiwan | 00 - 800-3687-7863 |
United Kingdom |
00 - 800-3687-7863
0800 121 6078 +44 (0) 118 953 3088 |