Overview
If your certificate is expiring and you need to import a new one, you must also select the certificate in all Kerio Control services where the expiring certificate is used.
An expired certificate may cause a PCI scan to fail with an "SSL certificate cannot be trusted" issue.
Process
- In the Administration interface, navigate to Definitions > SSL Certificates.
- Create a new certificate. Refer to the Configuring SSL Certificates In Kerio Control article.
- Verify that the certificate is included in the SSL Certificates section.
- Select the certificate in all places where the expiring certificate is used (see the table below).
Services Which Need a Valid SSL Certificate | The Section in Kerio Control Administration |
---|---|
Kerio VPN Server | Interfaces |
Kerio IPsec Server | Interfaces |
Kerio VPN Tunnel | Interfaces |
IPsec VPN Tunnel | Interfaces |
Wi-Fi Authentication (RADIUS server) | Domains and User Login > Authentication Options |
Reverse Proxy server | Proxy Server > Reverse Proxy |
SSL certificate for a reverse proxy rule. The certificate hostname must be the full DNS server name. | Proxy Server > Reverse Proxy > Reverse Proxy Rule |
Kerio Control Administration and Kerio Control Statistics | Advanced Options > Web Interface |
NOTE: We've had some isolated occurrences where the SSL certificate would not apply, resulting in the admin UI becoming unresponsive. If you are facing this trouble, please check the renewed SSL certificate that you received from the certification authority for any chained intermediate certificates and remove the intermediate certificate, then attempt to replace it once more, and it should work this time around.
Confirmation
The new certificate is shown in every location that was updated.
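One way to confirm this from outside the Administration interface, as an added example that is not part of the original article or Kerio's tooling: the script counts the certificates in the renewed PEM file (more than one means it carries a chain, as the NOTE describes) and compares the SHA-256 fingerprint of what each TLS service presents against the new certificate. The file name, host name and port are placeholder assumptions, the server certificate is assumed to be the first block in the file, and only services that speak TLS over TCP (such as the web interface or reverse proxy) can be checked this way.

```python
import hashlib
import re
import socket
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)

def split_bundle(pem_text):
    """Return every certificate in a PEM file as DER bytes, in file order."""
    return [ssl.PEM_cert_to_DER_cert(b) for b in PEM_BLOCK.findall(pem_text)]

def fingerprint(der):
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def fetch_served_cert(host, port, timeout=5.0):
    """Fetch the leaf certificate a TLS service presents, as DER bytes."""
    ctx = ssl.create_default_context()
    # Trust is not evaluated here: the fingerprint comparison is the check,
    # and the certificate being replaced may already be expired.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def audit(endpoints, new_leaf_der, fetch=fetch_served_cert):
    """Map each (host, port) to 'new', 'stale' or 'unreachable: ...'."""
    want = fingerprint(new_leaf_der)
    report = {}
    for host, port in endpoints:
        try:
            served = fetch(host, port)
        except OSError as exc:  # socket errors and ssl.SSLError
            report[(host, port)] = f"unreachable: {exc}"
            continue
        report[(host, port)] = "new" if fingerprint(served) == want else "stale"
    return report

if __name__ == "__main__":
    # Assumptions: file name, host name and port are placeholders.
    with open("renewed-cert.pem") as fh:
        certs = split_bundle(fh.read())
    print(f"{len(certs)} certificate(s) in file; more than one means a chain")
    # Assumes the server (leaf) certificate is the first block in the file.
    for endpoint, state in audit([("fw.example.com", 443)], certs[0]).items():
        print(endpoint, state)
```

A "stale" result means that service still presents a different certificate and needs to be updated in its section of the table above.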
Priyanka Bhotika