| SSL Certificate confusion [message #128492] |
Tue, 15 March 2016 09:43  |
m.sand
Messages: 22
Registered: July 2008
Location: Sweden
|
|
|
|
Hi,
using Kerio 9.0.2 on Linux and trying to get rid of the Certification Warnings in Chrome. The RapidSSL certificate I currently have is a SHA256 but issued back in 2014 so the root is using RapidSSL SHA-1 root CA Certificate.
In my attempts to fix this I have ended up with multiple Active Certificates and one Default Certificate. They are all still valid (expiring in 2017).
When I generate a CSR and issue it to RapidSSL to get a SHA256 Certificate I get the missing private key error when I try to import the CSR + intermediate certificate.
This leads me to think Kerio is generating the CSR from some other private key (I have 6 .key files in /opt/kerio/mailserver/sslcert, been using kerio for 8 years).
I have tried selecting a certificate in the admin interface and then click the CSR button but same problem.
Question:
I have read in the KB that if the key and crt files are removed from /opt/kerio/mailserver/sslcert Kerio will generate a new self-signed certificate.
Anyone think this would this help me to generate a CSR, get the certificate and then be up and running again?
Sincerely,
/Mattias
|
|
|
|
| Re: SSL Certificate confusion [message #129085 is a reply to message #128492] |
Tue, 19 April 2016 11:29  |
ArthurV
Messages: 7
Registered: February 2016
Location: Amsterdam
|
|
|
|
|
I'd say you have to import the returned certificate file (which could be the certificate text + intermediate text) PLUS the key that was used at the time the CSR (to obtain the certificate) was made. To make sure which key was generated during the CSR you could probably give this private key a helpfull filename. You could find it by date (same date as the corresponding CSR).
|
|
|
|
| Re: SSL Certificate confusion [message #129100 is a reply to message #129085] |
Wed, 20 April 2016 07:23 |
m.sand
Messages: 22
Registered: July 2008
Location: Sweden
|
|
|
|
I shut down Kerio, cleaned out all files from the sslcert directory and restarted. Created a new CSR and re-issued the certificate from RapidSSL. All is now well.
Thanks,
/Mattias
|
|
|
|
Members
Search
Help
Register
Login
Home
