Transferring a signed SSL certificate from Internet Information Server into Kerio Connect
Export the private key from IIS
- Open the Internet Information Services administration console located in the Control Panel > Administrative Tools.
- Select the properties of your website.
- Select the Directory Security tab
- Select the button 'View Certificate'.
- Select the Details tab.
- Choose the 'Copy to file' button.
- Choose 'Yes export the private key'.
- The key will be generated using Personal Information Exchange PKCS#12(.pfx).
- Specify and confirm a password.
- Specify a name and save the file to the local disk. In this document we will use the example name example.pfx.
Export the certificate from IIS
- Refer to the Internet Information Services administration console located in the Control Panel > Administrative tools.
- Select the properties of your website.
- Select the Directory Security tab.
- Choose to 'View Certificate'.
- Select the Details tab.
- Choose the 'Copy to file' button.
- Choose 'No, do not export the private key'.
- Specify to export the certificate in base-64 encoded X.509 (.CER).
- Specify a name and save the file to the local disk. In this document we will use the example name example.cer
- Once the file is created, rename the extension to .crt (e.g. example.crt), as this is the extension format used by Kerio MailServer.
NOTE
The following procedure can only be performed from a Windows computer. The key file can be later copied to another operating system.
Change the key format from PKCS#12 to RSA
- Download the SSL Certificate Utility.
- Extract the zip file to some location on the local hard drive. There are four necessary files: ssleay32.dll, libeay32.dll, openssl.cfg and openssl.exe.
- Move the two files exported from IIS (example.crt and example.pfx) into the folder containing the extracted files.
- Execute the file openssl.exe.
- Type the following command: pkcs12 -in example.pfx -nocerts -out example.pem.
- You will need to supply the password used when you created the Personal Information Exchange file during the export from IIS.
- After supplying the password, you will then be asked to create and verify a "PEM pass phrase". You will need to supply this pass phrase in order to convert the "PEM file" to a KEY file. This pass phrase will be used only once, and is not relevant after the key file has been created.
- At this point you will have a new file in the same directory called example.pem.
- Type the following command: rsa -in example.pem -out example.key.
- After entering the "PEM pass phrase", the example.key file will be generated. You will no longer need the "PEM pass phrase".
Import the certificate and key files into Kerio MailServer
- Locate the /sslcert directory. The default location for each supported Operating System is provided below.
- OS X: /usr/local/kerio/mailserver
- Windows: C:/program files/kerio/mailserver
- Linux: /opt/kerio/mailserver
- Copy the example.crt and example.key files into this directory.
- Restart Kerio MailServer
- Connect to Kerio MailServer using the Administration console and go to the Configuration > SSL Certificates dialog.
- Select the new certificate and choose the option 'Set as active'.
- Restart Kerio MailServer and the certificate and key should now be used by Kerio MailServer.
