How do I import a private key which is protected by a pass phrase?

When generating a certificate request, some key generation applications will create a pass phrase associated with the key file. When importing this key file into Kerio MailServer, it will appear successful, however after restarting Kerio MailServer all secure services will be disabled. You may find the following event in the error log:

socklib.cpp: Cannot load SSL private key file /usr/local/kerio/mailserver/sslcert/server.key: error:0906406D:PEM routines:PEM_def_callback:problems getting password

Kerio MailServer does not support password protected keys, however you can use an external utility to convert the key file so that it does not require a pass phrase. On linux/OSX you can run the following command on the key file:

openssl rsa -in server.key -out server.key

On Windows you can use the sslkeygen utility with the same command.

The private key is located in the following location:

Mac OS X





C:\Program Files\Kerio\MailServer\sslcert\

You may find multiple private key files located in this directory, (e.g. server.key, server1.key, server2.key). You can identify the correct key file by matching the file name to the active certificate name specified under the 'SSL Certificates' dialog in the Kerio MailServer administration console.

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Configuring SSL certificates in Kerio Connect

To secure Kerio Connect by SSL/TLS encryption, you need an SSL certificate. SSL certificates...

Adding trusted root certificates to the server

If you want to send or receive messages signed by root authorities and these authorities are...

How do I configure OS X to use my self-signed SSL certificate?

Learn to configure OS X to use your self-signed SSL certificate with Entourage, Safari and...

How do I re-issue my SSL certificate?

You need to re-issue an SSL certificate, perhaps because it was not possible to renew with a new...

How do I renew an expired SSL certificate?

You have renewed your expired certificate with your certificate provider, and a .crt file has...