When generating a certificate request, some key generation applications will create a pass phrase associated with the key file. When importing this key file into Kerio MailServer, it will appear successful, however after restarting Kerio MailServer all secure services will be disabled. You may find the following event in the error log:
socklib.cpp: Cannot load SSL private key file /usr/local/kerio/mailserver/sslcert/server.key: error:0906406D:PEM routines:PEM_def_callback:problems getting password
Kerio MailServer does not support password protected keys, however you can use an external utility to convert the key file so that it does not require a pass phrase. On linux/OSX you can run the following command on the key file:
openssl rsa -in server.key -out server.key
On Windows you can use the sslkeygen utility with the same command.
The private key is located in the following location:
Mac OS X
You may find multiple private key files located in this directory, (e.g. server.key, server1.key, server2.key). You can identify the correct key file by matching the file name to the active certificate name specified under the 'SSL Certificates' dialog in the Kerio MailServer administration console.