Overview

Export an SSL Certificate to be imported to user's browsers to prevent going through security exception pop-up that they need to confirm whenever they access an HTTPS page.

Diagnosis

You must import the Kerio Control certificate as a root certification authority into browsers on users' computers. Otherwise, users have to confirm a security exception with each access to an HTTPS page which is annoying.

If you use Microsoft Active Directory, you can deploy the Kerio Control certificate into Microsoft Internet Explorer. For more information, please refer to Deploying Kerio Control certificate via Microsoft Active Directory.

Solution

Exporting a Certificate from Kerio Control

You must export a certificate of the Kerio Control local authority in PEM format to install it to users' browsers.

1. In the Administration interface, navigate to Definitions > SSL Certificates.
2. Right-click the Local Authority row.
3. Click on Export > Export Certificate in PEM.
4. Save the certificate.
   
   

Importing certificates into clients' PCs

1. If you use a Kerio Control internal user database or Apple Open Directory, your users must install the Kerio Control certificate into their browsers themselves by clicking the Install Firewall certification authority button.
   
2. In all the major browsers, a link to instructions appears once the Install authority button is clicked.
   
3. (Optional) The direct SSL certification installation link is https://<kerio_control_ip>:4081/nonauth/installCertificate.cs
   
   It will show legal information if the Legal Notice option is enabled.
   

Confirmation

The Kerio Control SSL certificate is installed in the clients' browsers.