Configuring SSL certificates in Kerio Connect
Secure Sockets Layer (SSL) certificates encrypt the communication between a web server and browsers to ensure all data passed is secured and private. Installing an SSL certificate in Kerio Connect allows users to access the Kerio administration panel and webmail service securely via HTTPS, thereby protecting usernames, passwords, emails, and other sensitive information from interception by hackers.
This guide will walk through the complete process of installing an SSL certificate in Kerio Connect. We will cover:
- Obtaining an SSL Certificate
- Uploading the SSL Certificate to Kerio
- Configuring SSL in Kerio Connect
- Renewing the SSL Certificate
By the end, your Kerio Connect server will use encryption to protect all administrative and webmail sessions. Users can access Kerio confidently knowing their data is secured.
Obtaining an SSL Certificate
The first step is to purchase or obtain an SSL certificate for your Kerio server. There are a few options:
- Domain Validated (DV) Certificate: This basic, low-cost option can be used if you only need to secure a single domain on your Kerio server. Just verify you own the domain.
- Wildcard Certificate: Secures unlimited subdomains on a domain (e.g. *.yourdomain.com). Choose this if you may expand Kerio across multiple subdomains.
- Organization Validated (OV): Includes basic company information in the certificate. This verifies business identity to provide more credibility to users.
When purchasing a certificate, choose one compatible with Kerio Connect. Most major SSL providers offer certificates in the formats Kerio accepts:
- PEM Format (.pem, .crt, .cer file)
- PFX/PKCS#12 Format (with password protected private key)
The certificate will include a few different files:
- Public Certificate: The file containing the public certificate itself. Uploaded to Kerio.
- Private Key: The secret key that pairs with the public certificate. Keep it confidential; it remains on your system for later installation.
- Certificate Authority Bundle: Chain of trust certificates from the SSL provider. Often optional to upload to Kerio but provides full trust in browsers.
Once you have obtained the right SSL certificate files for your server, it’s time to install it into Kerio Connect.
Installing/Uploading the SSL Certificate to Kerio Connect
Follow these steps to upload your newly issued SSL certificate into Kerio Connect using the administration dashboard:
- Log in to your Kerio Connect administration dashboard and go to Settings > SSL Certificates.
- Click “Import Certificate and Key” and select your SSL certificate file and your private key file from earlier.
- After review, Kerio will provide an Import Summary. Ensure your domain names and dates look correct.
- For the CA Bundle/Certificate Chain file:
  - Click “Certificate Authorities” on the SSL Certificates page.
  - Paste the full text from the CA Bundle file here to install the chain of trust.
- Click “Apply” to save all imported SSL files.
Your SSL certificate, private key, and certificate chain should now all be successfully installed in Kerio Connect. Next, we’ll configure Kerio to actively enable and enforce HTTPS and encryption.
Configuring SSL in Kerio Connect
Once the SSL files are imported into Kerio Connect, we need to configure SSL operation and redirect unsecured traffic to use secure HTTPS instead of standard HTTP:
- From the SSL Certificates page, choose the SSL certificate you want to use from the drop down.
- Click the “Properties” button to open the configuration.
- Select both checkboxes:
  - Enable SSL – Globally enables SSL operation
  - Enforce SSL – Redirects HTTP to HTTPS
- Configure any other SSL settings needed like ciphers, protocol versions, etc.
- Click “OK” then click “Apply” on the Certificates page to save.
- Restart the Kerio Connect service for changes to fully apply.
Kerio Connect is now SSL enabled and will redirect administrative and webmail access to secured HTTPS, encrypting all communications.
When visiting the Kerio administration page or webmail login after this configuration (e.g. http://mail.yourdomain.com), users will automatically be redirected to the secure counterpart (https://mail.yourdomain.com). The SSL certificate will encrypt the session, protecting account credentials and subsequent emails or data.
Important: If hosts were manually added for administration access under Hosts/Privileges, they must be updated to use https:// to maintain access after enforcing SSL. The redirects will not apply to IP addresses or hosts entered this way.
Renewing the SSL Certificate in Kerio
All SSL certificates have an expiration date set by the Certificate Authority (usually 1-3 years). Once an SSL certificate nears expiration, admins must renew it with the provider and re-upload it to Kerio. Renewal ensures encryption remains active without disruptions.
Follow the renewal process requirements from your SSL provider (they often reach out when certificates expire). Usually, renewal just requires re-verifying domain ownership to receive updated certificate files using the same private key.
Once renewed certificate files are available:
- Backup your current SSL setup in Kerio (optional).
- On the SSL Certificates page click “Delete” for the expiring certificate.
- Follow the upload steps earlier to import the renewed SSL certificate files.
- Configure the new certificate and enforce SSL exactly like during initial setup.
- Restart services for the new certificate to become active.
Users may need to clear their browser cache before the renewed certificate fully takes over securing their sessions.
After following these steps to renew and re-upload SSL certificates, Kerio Connect encryption will remain active for all users throughout the next 1-3 years until it expires again. Just repeat this renewal process as often as needed going forward.
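Before importing a new or renewed certificate (the upload steps and the renewal steps above), it helps to confirm that the certificate really belongs to the private key you hold, that it is not about to expire, and that the text pasted as the CA chain contains no private key. The following is an added example using the openssl command line, not part of the original guide or of Kerio's tooling; the function names, file names and the mail.example.test test certificate are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: pre-import checks for PEM files using the openssl CLI.
# Function and file names are illustrative, not Kerio Connect tooling.

# Print the SHA-256 of the public key inside a certificate.
cert_pubkey_hash() {
  local pub
  pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Print the SHA-256 of the public key derived from a private key.
key_pubkey_hash() {
  local pub
  pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# 0 = certificate belongs to this key, 1 = mismatch, 2 = a file could not be parsed.
cert_matches_key() {
  local c k
  c=$(cert_pubkey_hash "$1") || return 2
  k=$(key_pubkey_hash "$2") || return 2
  [ "$c" = "$k" ]
}

# 0 if the certificate is still valid $2 days from now, non-zero otherwise.
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# 0 if the text meant for the CA chain field contains certificates and no private key.
bundle_is_certs_only() {
  grep -q -- '-----BEGIN CERTIFICATE-----' "$1" && ! grep -q -- 'PRIVATE KEY-----' "$1"
}

# Build throwaway, self-signed test material (constructed sample, 30-day lifetime).
make_test_material() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=mail.example.test" \
    -keyout "$1/server.key" -out "$1/server.crt" >/dev/null 2>&1 &&
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1/other.key" >/dev/null 2>&1
}
```

Source the file and run, for example, `cert_matches_key server.crt server.key && cert_valid_for_days server.crt 30` against the files received from the CA; a non-zero exit status means the files should not be imported as they are.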
Conclusion
Installing an SSL certificate allows Kerio Connect administrators to enable vital HTTPS encryption for private communications with the server. Account credentials, emails, attachments, and other sensitive data will remain secured from prying eyes when accessing Kerio administration or webmail.
By obtaining the proper domain-validated certificate or wildcard, administrators can upload certificate files to Kerio Connect and fully configure HTTPS and SSL encryption within the control panel. Redirecting all HTTP traffic to use HTTPS ensures users always connect securely.
Renewing SSL certificates before they expire is crucial to prevent disruptions to the encryption layer protecting Kerio. Simply re-verify domain ownership to receive updated certificate files from the SSL provider, upload to Kerio, and configure settings identically to continue seamless protected access.
With these steps, Kerio Connect can firmly secure administrative and webmail access against unauthorized access by using the power of SSL certificates for robust data protection and privacy.
FAQs about Installing an SSL Certificate on Kerio Connect
What is the difference between SSL and TLS certificates?
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) certificates both enable HTTPS encrypted connections. TLS certificates are newer versions supporting modern protocols and ciphers considered more secure than traditional SSL. Most modern servers like Kerio now support both SSL and TLS certificates on recent versions.
Can I create a self-signed certificate instead of buying one?
Self-signed certificates can enable encryption; however, users will see warnings in browsers that they are not validated by a trusted Certificate Authority (CA). Purchased certificates from CAs do not trigger warnings.
What format should my SSL certificate files from the CA be?
When downloading certificates for use with Kerio, always select the PEM file format option. This will provide the .pem/.crt files needed. Some CAs may alternatively provide .pfx or PKCS#12 files containing the private key, which also work with Kerio.
How do I migrate SSL certificates when switching Kerio servers?
First back up the current SSL certificate files and private keys from the original server. Then when installing Kerio fresh on new hardware, import these same files to maintain the existing encryption without needing to re-purchase certificates.
Can I use the same SSL certificate on multiple Kerio Connect servers?
No, an SSL certificate can only be used on one server at a time, as the private key helps link and validate the identity of that singular server. Each server, whether Kerio or other platforms, requires a separate certificate purchase if needing encryption.
Do all features of Kerio use the installed SSL certificate?
Once configured, the installed SSL certificate will be utilized to encrypt sessions between server and client for Administrator Panel access, Webmail access, VPN tunnels, and POP/IMAP client access connections (if configured).