While trying to establish a persistent (permanent) connectivity mode in Kerio VPN client, the connection needs to be disconnected. It might the case the expired SSL certificate, which is used for securing users through Kerio Control VPN, needs to be replaced.
"Persistent connection" checkbox will be greyed out unless you enable "Save password" option.
This article provides explanations about the necessary permission rights and UI settings presented in Kerio VPN client for Windows and Mac.
It is required to re-establish the connection for Kerio VPN client users when a certificate changed in the VPN interface settings.
When a persistent mode is enabled, the connection is closed and the SSL fingerprint doesn't match unless you disconnect and connect again to the VPN to import the certificate.
When configuring the Kerio Control VPN client, the option to enable the Persistent Connection can only be enabled with administrator rights, therefore, it's only possible to disable it with the same rights. Even if you install manually the certificate in the user's computer, the Kerio VPN Client will not be able to establish a connection.
Please note that when toggling the persistent connection on a standard (non-admin) Windows account, inserting the admin password will create an "in-app admin session" by default, which persists until either the Kerio Control VPN client is exited from the taskbar or the client machine is restarted. This "in-app admin session" will allow the end user to disconnect or toggle the persistent connection option, so in order to make sure that the standard user cannot do this, ending the admin session is required per the above indication.