Skip to main content

How do I setup an Entrust SSL certificate on Kerio Mail Server?

User-added image
User-added image For Kerio MailServer

Before you Begin

Testing for this guide was performed on a MAC OS X Tiger Server.
Please note: Kerio MailServer does not support server-side intermediate certificates. Entrust does NOT use intermediate certificates for standard or advantage type certificates.

This process is in three parts:
1) Keypair and CSR generation
2) Server Certificate Installation
3) Enabling SSL

Part 1 of 3: Keypair and CSR generation

1. From the Administration Console, locate the Configuration/SSL Certificates dialog.

Select New -> Certificate Request .

2. Supply all information. Note: The 'Hostname' (external DNS of the site) MUST resolve to the IP address of your Kerio MailServer in order for the certificate to work.

3. View the request file by selecting the request, and Show -> request. The request information will appear in a separate window.

Part 2 of 3: Server Certificate Installation

Once you have received the certificate in X.509 base-64 encoded format, this exact information must be saved as *.crt to some location on the local hard drive.

1. Locate the /sslcert directory.

OSX: /usr/local/kerio/mailserver

Windows: C:/program files/kerio/mailserver

Red Hat: /opt/kerio/mailserver

2. Locate the *.csr file. This is the request file, it should be named something like server1.csr .

3. Copy the signed certificate into this directory using the same name as the request file, but with the .crt extension. For example server1.crt .

At this point, you should have three files: the request ( *.csr ), the private key ( *.key ), and the certificate ( *.crt ). All files should have the same name, for example server1.csr , server1.key and server1.crt .

Part 3 of 3: Enabling SSL

1. Restart Kerio MailServer and reconnect to the administration console.

2. In Configuration/SSL Certificates, select the new certificate and choose the 'set as active' button in the bottom right corner.

3. Restart the Kerio MailServer service to activate the new signed certificate.

Disaster Recovery

Once you have completed this procedure, create a backup copy of the sslcert directory and save it to external media.  If you loose the private key, it will be necessary to generate a new request and repeat this process.

If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance:

Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: Smart Phone users may use the 1-800 numbers shown in the table below.
Otherwise, it is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.

Country Number
Australia 0011 - 800-3687-7863
1-800-767-513
Austria 00 - 800-3687-7863
Belgium 00 - 800-3687-7863
Denmark 00 - 800-3687-7863
Finland 990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet)
France 00 - 800-3687-7863
Germany 00 - 800-3687-7863
Hong Kong 001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax)
Ireland 00 - 800-3687-7863
Israel 014 - 800-3687-7863
Italy 00 - 800-3687-7863
Japan 001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
Korea 001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom)
Malaysia 00 - 800-3687-7863
Netherlands 00 - 800-3687-7863
New Zealand 00 - 800-3687-7863
0800-4413101
Norway 00 - 800-3687-7863
Singapore 001 - 800-3687-7863
Spain 00 - 800-3687-7863
Sweden 00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2)
Switzerland 00 - 800-3687-7863
Taiwan 00 - 800-3687-7863
United Kingdom 00 - 800-3687-7863
0800 121 6078
+44 (0) 118 953 3088