Administrator's Guide - Kerio Software Archive
Web Interface

Generate or Import Certificate

During Kerio Control installation, a testing certificate for the SSL-secured Web interface is created automatically. It is stored in the sslcert subdirectory of the Kerio Control installation directory, in the server.crt file; the private key for the certificate is saved as server.key. The certificate created is unique. However, it is issued for a non-existent server name and it is not issued by a trustworthy certificate authority. This certificate is intended to ensure functionality of the secured Web interface (usually for testing purposes) until a new certificate is created or a certificate issued by a public certificate authority is imported.

Click Change SSL certificate (in the dialog for advanced settings for the Web interface) to view the dialog with the current server certificate. By selecting the Field (certificate entry) option you can view information either about the certificate issuer or about the subject represented by your server.

Figure 12.2 Kerio Control’s web interface SSL certificate

You can obtain your own certificate, which verifies your server’s identity, in two ways.

You can create your own self-signed certificate. Click Generate Certificate in the dialog where the current server status is displayed. Enter the required data about the server and your company into the dialog entries. Only entries marked with an asterisk (*) are required.

Figure 12.3 Creating a new “self-signed” certificate for Kerio Control’s web interface

Click OK to view the Server SSL certificate dialog. The certificate will be applied automatically (you will not need to restart your operating system). When created, the certificate is saved as server.crt and the corresponding private key as server.key.

A new (self-signed) certificate is unique. It is created by your company, addressed to your company and based on the name of your server. Unlike the testing version of the certificate, this certificate ensures your clients' security, as it is unique and the identity of your server is guaranteed by it. Clients will be warned only about the fact that the certificate was not issued by a trustworthy certification authority. However, they can install the certificate in the browser without worrying, since they know who created the certificate and why. Secure communication is then ensured for them and no warning will be displayed again because your certificate has all it needs.

Another option is to purchase a full certificate from a public certification authority (e.g. Verisign, Thawte, SecureSign, SecureNet, Microsoft Authenticode). To import a certificate, open the certificate file (*.crt) and the file including the corresponding private key (*.key). These files are stored in sslcert under the Kerio Control installation directory.

The process of certification is quite complex and requires a certain expertise. For detailed instructions contact Kerio technical support.

12.2 User authentication at the web interface

User authentication is required for access to the Kerio Control web interface. Any user with their own account in Kerio Control can authenticate to the web interface. Depending on the right to view statistics (see chapter 16.2), either Kerio StaR is opened or a page with status information and personal preferences is displayed upon logon.

If more than one Active Directory domain is used (see chapter 16.4), the following rules apply to the user name:

• Local user account — the name must be specified without the domain (e.g. admin),
• Primary domain — missing domain is acceptable in the name specification (e.g. jsmith), but it is also possible to include the domain (e.g. jsmith@company.com),
• Other domains — the name specified must include the domain (e.g. drdolittle@usoffice.company.com).
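A pre-import check for the certificate files described under Generate or Import Certificate, as an added example that is not part of the guide or of Kerio's tooling: it uses the OpenSSL command-line tool (assumed to be installed) to confirm that a .key file belongs to its .crt and that issuer and subject are identical, as they are for a self-signed certificate. The helper names and the host name fw.example.test are hypothetical, and the sample pair is constructed.

```shell
#!/bin/sh
# Added example: pre-import checks for a certificate/key pair.
# Assumes the OpenSSL command-line tool is installed and the key is unencrypted.

# Succeeds when the private key belongs to the certificate, i.e. both
# files yield the same public key. Returns 2 if a file cannot be parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when issuer and subject names are identical, which is how a
# self-signed certificate appears in the issuer/subject fields.
looks_self_signed() {
    subject=$(openssl x509 -in "$1" -noout -subject 2>/dev/null) || return 2
    issuer=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null) || return 2
    [ "${subject#subject=}" = "${issuer#issuer=}" ]
}

# Constructed sample input: a throwaway self-signed pair for a
# hypothetical host name, written to <prefix>.crt and <prefix>.key.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Prints a one-line verdict for each check.
report() {
    if cert_matches_key "$1" "$2"; then echo "key: matches certificate"
    else echo "key: does NOT match certificate"; fi
    if looks_self_signed "$1"; then echo "issuer: same as subject (self-signed)"
    else echo "issuer: differs from subject"; fi
}

if [ $# -eq 2 ]; then
    report "$1" "$2"        # e.g. sslcert/server.crt sslcert/server.key
else
    # No files given: run the checks on the constructed sample pair.
    tmp=$(mktemp -d)
    make_sample_pair "$tmp/server" fw.example.test
    report "$tmp/server.crt" "$tmp/server.key"
    rm -rf "$tmp"
fi
```

Run with two arguments, the certificate file and then the key file, to check a real pair before importing it.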