Administrator's Guide - Kerio Software Archive
Administrator's Guide - Kerio Software Archive Administrator's Guide - Kerio Software Archive
Chapter 10 Server’s CertificatesLocallyAdd the “intermediate” certificate file to the /sslca directory and copy the server’s certificatewith the private key to the /sslcert directory. Both directories can be found inthe directory where Kerio MailServer is installed.Remotely via the Kerio Administration ConsoleRemote import can be performed as follows:1. Open the server’s certificate and the “intermediate” certificate in any text editor.2. In the “intermediate” certificate, select the certificate’s string and copy it to the servercertificate file next to the string of the server certificate. The certificate file shouldthen be as follows:-----BEGIN CERTIFICATE-----MIIDOjCCAqOgAwIBAgIDPmR/MA0GCSqGSIb3DQEBBAUAMFMxCzAJBgNVBAYTAlMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMR0wGwYDVQ..... this is a server SSL certificate ...ukrkDt4cgQxE6JSEprDiP+nShuh9uk4aUCKMg/g3VgEMulkROzFl6zinDg5grzQspOQTEYoqrc3H4Bwt8=-----END CERTIFICATE----------BEGIN CERTIFICATE-----MIIDMzCCApygAwIBAgIEMAAAATANBgkqhkiG9w0BAQUFADCBxDELMAkGA1UEBhWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR..... this is an intermediate SSL certificate whichsigned the server certificate...5BjLqgQRk82bFi1uoG9bNm+E6o3tiUEDywrgrVX60CjbW1+y0CdMaq7dlpszRBt14EmBxKYw==-----END CERTIFICATE-----3. Save the certificate.4. Open the Kerio Administration Console and go to the section referring to SSL certificates.5. Import the server’s certificate by using the Import → Import new certificate option.10.2 Install certificates on client stationsOnly in the following cases it is necessary to install certificate on the client station:• If MS Outlook extended by the Kerio Outlook Connector is used on the station and securedHTTP traffic is desired between the server and the client (typically when the Free/Busyserver is used). In such a case, it is necessary to install the certificate, otherwise the communicationwill not work.• If MS Outlook with the Kerio Synchronization Plug-in is used on the station and folders areplanned to be synchronized by an SSL-secured protocol. In such a case, it is necessary toinstall the certificate, otherwise the communication will not work.88
10.2 Install certificates on client stations• If MS Entourage is used and its services are planned to be secured by SSL encryption. Insuch a case, it is necessary to install the certificate, otherwise the communication will notwork.• For connections to Kerio WebMail over HTTPS. If the certificate is not installed, an alertwarning of the fact is displayed upon each login (see figure 10.1).The simplest way to install a certificate is to use a web browser.Installation in Internet ExplorerInternet Explorer is helpful where the certificate is to be installed to the MS Outlook store(Internet Explorer and MS Outlook share the same certificate store) or where connection toKerio WebMail is to be performed over HTTPS.To install a certificate, follow these instructions:1. Run Internet Explorer and specify the corresponding URL to login to Kerio WebMail. SSLsecuredprotocol must be used for the connection to the server. This implies that the URLshould start with https:// (example: https://mail.company.com/).2. The Security Alert dialog will be opened (see figure 10.1). In this dialog, click on Viewcertificate.3. In the dialog with certificate details displayed, click on the Install certificate button.4. A certificate installation wizard is opened. There is nothing to be set in the wizard. Simplyconfirm all settings and close the wizard to install the certificate.Installation in SafariSSL certificate is required whenever applications are to communicate with Kerio MailServerby SSL-secured services. The Kerio MailServer certificate can be installed by using the Safaribrowser (simply connect to the Kerio WebMail interface via https://):1. Run Safari and specify the corresponding URL to login to Kerio WebMail. SSL-securedprotocol must be used for the connection to the server. This implies that the URL shouldstart with https:// (example: https://mail.company.com/).2. Before the Kerio WebMail’s login page is opened, an alert is displayed informing that thesystem is not able to authorize the server to which you are connecting since the certificateis authorized by an unknown authority (see figure 10.5).3. The alert dialog contains the Show certificate button. Click on it to show the certificate(see figure 10.6).89
- Page 37 and 38: Chapter 3Product Registration and L
- Page 39 and 40: 3.2 Registration with the administr
- Page 41 and 42: 3.2 Registration with the administr
- Page 43 and 44: 3.3 License information and import
- Page 45 and 46: 3.4 Licensing policyOnce number of
- Page 47 and 48: 4.1 Kerio MailServer MonitorFigure
- Page 49 and 50: 4.2 Standalone processes of the ser
- Page 51 and 52: 5.2 Administration WindowThe same d
- Page 53 and 54: 5.2 Administration WindowStatus bar
- Page 55 and 56: Chapter 6ServicesIn Configuration
- Page 57 and 58: 6.1 Service Parameter Settings• a
- Page 59 and 60: 6.1 Service Parameter SettingsFigur
- Page 61 and 62: 6.3 TroubleshootingFigure 6.5The De
- Page 63 and 64: Chapter 7DomainsKerio MailServer ca
- Page 65 and 66: 7.2 GeneralFigure 7.2Domain setting
- Page 67 and 68: 7.4 FootersFigure 7.3Domain setting
- Page 69 and 70: 7.5 ForwardingFigure 7.5Domain sett
- Page 71 and 72: 7.6 Setting of Directory ServicesFi
- Page 73 and 74: 7.6 Setting of Directory ServicesFi
- Page 75 and 76: 7.7 Advanced7.7 AdvancedIn the Adva
- Page 77 and 78: 7.8 WebMail Logo3. In the Logging m
- Page 79 and 80: 8.2 Sending High Priority MessagesW
- Page 81 and 82: Chapter 9SchedulingKerio MailServer
- Page 83 and 84: 9.2 Optimal Scheduling9.2 Optimal S
- Page 85 and 86: 10.1 Kerio MailServer CertificateFi
- Page 87: 10.1 Kerio MailServer Certificate
- Page 91 and 92: 10.2 Install certificates on client
- Page 93 and 94: 10.2 Install certificates on client
- Page 95 and 96: 11.3 LanguageIf there is one of the
- Page 97 and 98: 11.3 LanguageFigure 11.1Dictionary
- Page 99 and 100: 12.2 Time IntervalsClick on Add to
- Page 101 and 102: 12.3 Setting Remote AdministrationF
- Page 103 and 104: 10312.3 Setting Remote Administrati
- Page 105 and 106: 13.2 Creating a user accountWarning
- Page 107 and 108: 13.2 Creating a user accountFigure
- Page 109 and 110: 13.2 Creating a user accountStore p
- Page 111 and 112: 13.2 Creating a user accountNote: T
- Page 113 and 114: 13.2 Creating a user accountFigure
- Page 115 and 116: 13.3 Editing User AccountNote: When
- Page 117 and 118: 13.5 Removing user accountsKerio Ma
- Page 119 and 120: 13.9 Administration of mobile devic
- Page 121 and 122: 13.9 Administration of mobile devic
- Page 123 and 124: 13.10 Import Users• MailAddress
- Page 125 and 126: 13.10 Import UsersFor detailed info
- Page 127 and 128: 13.10 Import UsersFigure 13.24Impor
- Page 129 and 130: 13.12 User Account TemplatesNote: C
- Page 131 and 132: Chapter 14User groupsUser accounts
- Page 133 and 134: 14.1 Creating a User GroupGroup add
- Page 135 and 136: 14.1 Creating a User GroupPublish t
- Page 137 and 138: 15.1 Mail Delivery over the Interne
10.2 Install certificates on client stations• If MS Entourage is used and its services are planned to be secured by SSL encryption. Insuch a case, it is necessary to install the certificate, otherwise the communication will notwork.• For connections to <strong>Kerio</strong> WebMail over HTTPS. If the certificate is not installed, an alertwarning of the fact is displayed upon each login (see figure 10.1).The simplest way to install a certificate is to use a web browser.Installation in Internet ExplorerInternet Explorer is helpful where the certificate is to be installed to the MS Outlook store(Internet Explorer and MS Outlook share the same certificate store) or where connection to<strong>Kerio</strong> WebMail is to be performed over HTTPS.To install a certificate, follow these instructions:1. Run Internet Explorer and specify the corresponding URL to login to <strong>Kerio</strong> WebMail. SSLsecuredprotocol must be used for the connection to the server. This implies that the URLshould start with https:// (example: https://mail.company.com/).2. The Security Alert dialog will be opened (see figure 10.1). In this dialog, click on Viewcertificate.3. In the dialog with certificate details displayed, click on the Install certificate button.4. A certificate installation wizard is opened. There is nothing to be set in the wizard. Simplyconfirm all settings and close the wizard to install the certificate.Installation in SafariSSL certificate is required whenever applications are to communicate with <strong>Kerio</strong> MailServerby SSL-secured services. The <strong>Kerio</strong> MailServer certificate can be installed by using the Safaribrowser (simply connect to the <strong>Kerio</strong> WebMail interface via https://):1. Run Safari and specify the corresponding URL to login to <strong>Kerio</strong> WebMail. SSL-securedprotocol must be used for the connection to the server. This implies that the URL shouldstart with https:// (example: https://mail.company.com/).2. Before the <strong>Kerio</strong> WebMail’s login page is opened, an alert is displayed informing that thesystem is not able to authorize the server to which you are connecting since the certificateis authorized by an unknown authority (see figure 10.5).3. The alert dialog contains the Show certificate button. Click on it to show the certificate(see figure 10.6).89