Overview
If your certificate is expiring and you need to import a new one, you must also select the certificate in all Kerio Control services where the expiring certificate is used.
An expired certificate may cause PCI scan to fail with an SSL certificate cannot
be trusted issue.
Process
- In the Administration interface, navigate to Definitions > SSL Certificates.
- Create a new certificate. Refer to the Configuring SSL Certificates In Kerio Control article.
- Verify that the certificate is included in the SSL Certificates section.
- Select the certificate in all places where the expiring certificate is used (see the table below).
| Services Which Need a Valid SSL Certificate | The Section in Kerio Control Administration |
|---|---|
| Kerio VPN Server | Interfaces |
| Kerio IPsec Server | Interfaces |
| Kerio VPN Tunnel | Interfaces |
| IPsec VPN Tunnel | Interfaces |
| Wi-Fi Authentication (RADIUS server) | Domains and User Login > Authentication Options |
| Reverse Proxy server | Proxy Server > Reverse Proxy |
| SSL certificate for a reverse proxy rule. The certificate hostname must be the full DNS server name. | Proxy Server > Reverse Proxy > Reverse Proxy Rule |
| Kerio Control Administration and Kerio Control Statistics | Advanced Options > Web Interface |
Confirmation
The new certificate gets reflected in all the updated locations.