How do I re-issue my SSL certificate?

You need to re-issue an SSL certificate, perhaps because it was not possible to renew with a new .crt file sent by your Certification Authority (CA). Re-issuing a certificate involves creating a new certificate request in KMS and submitting it to the CA. The process of re-issuing an SSL certificate involves the following steps:

  1. Generate a new certificate request
  2. Import the renewed certificate into Kerio MailServer
  3. Install the intermediate certificates (if applicable)
  4. Examine the installed certificate to see if it is correctly installed

Generate a new certificate request

Follow the instructions for generating a new certificate request in the Kerio Administration manual. (Tip: You can use a web browser and view the certificate details of the old certificate. This might make it easier to fill in the certificate request form.)

You will need access to the certificate request you have just generated to re-issue the certificate with your certificate vendor. Choose the certificate request, then select "Show" then "Show Request..." in the buttons below. This can be used to copy/paste the request text into your CA's web forms. When asked for the type of certificate to generate, select Apache Server.

Import the renewed SSL certificate into Kerio MailServer

Once you receive the SSL Certificate from the Certification Authority, in the form of a .crt file, you need to import it into Kerio mail Server using the KMS Admin Console:

  1. In the SSL Certificates, section, click on (to highlight) the Request you created earlier.
  2. Click on Import > Import Signed Certificate from CA and choose the server SSL Certificate (.crt file) sent to you by the Certification Authority.
  3. Click on the new Certificate and then click on the Set as Active button (in the lower right corner).
  4. Restart Kerio MailServer

Install the intermediate certificates (if applicable)

If your Certification Authority provides additional files with a .crt extension, so-called intermediate certificates, you can install these into the Kerio MailServer separately. For example, GoDaddy may supply a gd_intermediate.crt or gd_bundle.crt file. Note: the intermediate files may already have been installed when the certificates were first purchased. Check the location in step 2 below to determine if the files are already present. To install the intermediate certificate files in Kerio MailServer:

  1. Stop Kerio MailServer.
  2. Copy the intermediate certificate sent by the CA into the sslca folder in the Kerio MailServer folder. For example, in Windows, the default location is C:\Program files\Kerio\MailServer\sslca.
  3. Start Kerio MailServer.

Examine the installed SSL Certificate to see if it is correctly installed

Open a web browser, enter the URL, https://mail.your-domain.com, and you should not receive any warning messages. If you receive any warning messages regarding the certificate, the certificate was not correctly installed.

  • 1 Users Found This Useful
Was this answer helpful?

Related Articles

Configuring SSL certificates in Kerio Connect

To secure Kerio Connect by SSL/TLS encryption, you need an SSL certificate. SSL certificates...

Adding trusted root certificates to the server

If you want to send or receive messages signed by root authorities and these authorities are...

How do I configure OS X to use my self-signed SSL certificate?

Learn to configure OS X to use your self-signed SSL certificate with Entourage, Safari and...

How do I import a private key which is protected by a pass phrase?

When generating a certificate request, some key generation applications will create a pass...

How do I renew an expired SSL certificate?

You have renewed your expired certificate with your certificate provider, and a .crt file has...