GFI Forums: Kerio Connect » SHA1 certificate end 1.2017 in most browsers

Home » GFI User Forums » Kerio Connect » SHA1 certificate end 1.2017 in most browsers

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

SHA1 certificate end 1.2017 in most browsers [message #132762]

Wed, 09 November 2016 17:43

AndreasL
Messages: 126
Registered: July 2008
Location: Germany

beginning from 1. january 2017 most common browsers dont accept https connections with SHA1 certificates. I check my Kerio Connect (9.0.4 patch 1 (1154)) with https://www.ssllabs.com/ssltest/analyze.html and get Signature algorithm SHA1withRSA WEAK

Right now I cant update my Kerio to 9.2. This system running a 32bit platform now and need to be replaced first. Can you tell me that Kerio 9.2 generatess self signed SHA256 certificates?

What else can I do to get an working SHA256 cert without paying for it and how I insert it in Kerio?

Report message to a moderator

Re: SHA1 certificate end 1.2017 in most browsers [message #132763 is a reply to message #132762]

Wed, 09 November 2016 17:55

Kerio/GFI Brian
Messages: 852
Registered: March 2004
Location: California

Kerio Connect uses SHA-256 for newly generated certs since version 8.5.
You can get a free cert from Startcom, however they may become untrusted by Google, Apple, and Microsoft very soon. I suggest purchasing a CA signed certificate through enom.com. They resell GeoTrust and Comodo Class 1 certs at a very aggressive price.

Brian Carmichael
Instructional Content Architect

Report message to a moderator