You need to re-issue an SSL certificate, perhaps because it was not possible to renew with a new .crt file sent by your Certification Authority (CA). Re-issuing a certificate involves creating a new certificate request in KMS and submitting it to the CA. The process of re-issuing an SSL certificate involves the following steps:
- Generate a new certificate request
- Import the renewed certificate into Kerio MailServer
- Install the intermediate certificates (if applicable)
- Examine the installed certificate to see if it is correctly installed
Generate a new certificate request
Follow the instructions for generating a new certificate request in the Kerio Administration manual. (Tip: You can use a web browser and view the certificate details of the old certificate. This might make it easier to fill in the certificate request form.)
You will need access to the certificate request you have just generated to re-issue the certificate with your certificate vendor. Choose the certificate request, then select "Show" then "Show Request..." in the buttons below. This can be used to copy/paste the request text into your CA's web forms. When asked for the type of certificate to generate, select Apache Server.
Import the renewed SSL certificate into Kerio MailServer
Once you receive the SSL Certificate from the Certification Authority, in the form of a .crt file, you need to import it into Kerio mail Server using the KMS Admin Console:
- In the SSL Certificates, section, click on (to highlight) the Request you created earlier.
- Click on Import > Import Signed Certificate from CA and choose the server SSL Certificate (.crt file) sent to you by the Certification Authority.
- Click on the new Certificate and then click on the Set as Active button (in the lower right corner).
- Restart Kerio MailServer
Install the intermediate certificates (if applicable)
If your Certification Authority provides additional files with a .crt extension, so-called intermediate certificates, you can install these into the Kerio MailServer separately. For example, GoDaddy may supply a gd_intermediate.crt or gd_bundle.crt file. Note: the intermediate files may already have been installed when the certificates were first purchased. Check the location in step 2 below to determine if the files are already present. To install the intermediate certificate files in Kerio MailServer:
- Stop Kerio MailServer.
- Copy the intermediate certificate sent by the CA into the sslca folder in the Kerio MailServer folder. For example, in Windows, the default location is C:\Program files\Kerio\MailServer\sslca.
- Start Kerio MailServer.
Examine the installed SSL Certificate to see if it is correctly installed
Open a web browser, enter the URL,
https://mail.your-domain.com, and you should not receive any warning messages. If you receive any warning messages regarding the certificate, the certificate was not correctly installed.