GFI Forums: Kerio Connect » SSL Error CRL

Home » GFI User Forums » Kerio Connect » SSL Error CRL (Unable to get certificate CRL)

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

SSL Error CRL [message #137801]

Wed, 29 November 2017 09:12

kam46
Messages: 9
Registered: November 2017
Location: Russia

Hello everybody.
In our mail server (Windows 7 + Kerio Connect) the COMODO certificate is used. After some indefinite time, a warning about CRL appears in the certificate properties (Unable to get certificate CRL). The certificate is validated on the COMODO website.
Why?

Attachment: kerio_connect_SSL-error.JPG
(Size: 32.70KB, Downloaded 1283 times)

Report message to a moderator

Re: SSL Error CRL [message #137802 is a reply to message #137801]

Wed, 29 November 2017 11:45

freakinvibe
Messages: 593
Registered: April 2004

The Root CA needs to access this CRL:

http://crl.comodoca.com/AddTrustExternalCARoot.crl

Is this reachable from the Kerio Connect server?

Dexion Services AG - IT Support Services in Basel, Switzerland
https://dexionag.ch

Report message to a moderator

Re: SSL Error CRL [message #137803 is a reply to message #137802]

Wed, 29 November 2017 11:53

kam46
Messages: 9
Registered: November 2017
Location: Russia

Yes.
URL opened via I.

Report message to a moderator

Re: SSL Error CRL [message #137806 is a reply to message #137801]

Wed, 29 November 2017 16:32

freakinvibe
Messages: 593
Registered: April 2004

In my opinion it should work then. Maybe you can see something in the error/warning log.

Or switch on Network Connections and SSL in the debug log.

Dexion Services AG - IT Support Services in Basel, Switzerland
https://dexionag.ch

Report message to a moderator

Re: SSL Error CRL [message #137807 is a reply to message #137806]

Wed, 29 November 2017 16:43

kam46
Messages: 9
Registered: November 2017
Location: Russia

Debug log:

[29/Nov/2017 18:37:11][5468] {conn} Connection from 10.10.0.61:51734 to 10.10.0.2:443, socket 52976.
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL handshake started: before/accept initialization
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:before/accept initialization
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:error in SSLv2/v3 read client hello A
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 Client requests server by name: mail.insigma.ru
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 Found ssl context for connection by name: mail.insigma.ru
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:SSLv3 read client hello A
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:SSLv3 write server hello A
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:SSLv3 write certificate A
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:SSLv3 write key exchange A
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:SSLv3 write server done A
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:SSLv3 flush data
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:error in SSLv3 read client certificate A
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:error in SSLv3 read client certificate A
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:SSLv3 read client key exchange A
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:SSLv3 read certificate verify A
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:SSLv3 read finished A
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:SSLv3 write session ticket A
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:SSLv3 write change cipher spec A
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:SSLv3 write finished A
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL_accept:SSLv3 flush data
[29/Nov/2017 18:37:11][5468] {conn} SSL debug: id 000000000C9ECF00 SSL handshake done: SSL negotiation finished successfully
[29/Nov/2017 18:37:11][5468] {conn} Established secure server connection from 10.10.0.61:51734 to 10.10.0.2:443 using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384, id 000000002BCE3E28
[29/Nov/2017 18:37:11][4316] {conn} SSL debug: id 000000000C979CA0 SSL3 alert read:warning:close notify
[29/Nov/2017 18:37:11][4316] {conn} SSL debug: id 000000000C979CA0 SSL3 alert write:warning:close notify
[29/Nov/2017 18:37:11][4316] {conn} Closing socket 31952

Report message to a moderator

Re: SSL Error CRL [message #137809 is a reply to message #137807]

Wed, 29 November 2017 18:56

Kerio/GFI Brian
Messages: 852
Registered: March 2004
Location: California

It seems you haven't added the intermediate certificate. You can validate your domain using sslshopper.com and it will show you any errors. Instructions for installing the intermediate certificate is described here toward the bottom http://manuals.gfi.com/en/kerio/connect/content/server-confi guration/ssl-certificates/configuring-ssl-certificates-in-ke rio-connect-1132.html

Brian Carmichael
Instructional Content Architect

Report message to a moderator

Re: SSL Error CRL [message #137810 is a reply to message #137809]

Wed, 29 November 2017 19:37

kam46
Messages: 9
Registered: November 2017
Location: Russia

yep... already understood( in our Kerio Control there were no intermediate certificates. Now added them.
sorry for my English. Critically not enough time to learn the English. It is very unfortunate that the GFI closed the support of the Russian-speaking(
Very lack of advice and knowledge of Svetlana.

Report message to a moderator

Re: SSL Error CRL [message #146411 is a reply to message #137810]

Tue, 13 August 2019 16:41

terosufix
Messages: 1
Registered: August 2019

Hi how did you solve this problem? (Привет. Подскажи, как ты победил?)
I've got some extra files with my sert named (Мне вместе с моим сертификатом, пришло еще несколько файлов):
AddTrustExternalCARoot
SectigoRSADomainValidationSecureServerCA
USERTrustRSAAddTrustCA
I even tried to split all this files into my sert file (put data from others below my sert data), but don't get the result. (пытался слепить файлы в один файл моего сертификата, вставляя данные из других в него, но это не дало результатов).

Report message to a moderator

Re: SSL Error CRL [message #147514 is a reply to message #146411]

Sat, 08 February 2020 12:04

ZZZKOT
Messages: 27
Registered: September 2019

terosufix wrote on Tue, 13 August 2019 16:41

Hi how did you solve this problem? (Привет. Подскажи, как ты победил?)
I've got some extra files with my sert named (Мне вместе с моим сертификатом, пришло еще несколько файлов):
AddTrustExternalCARoot
SectigoRSADomainValidationSecureServerCA
USERTrustRSAAddTrustCA
I even tried to split all this files into my sert file (put data from others below my sert data), but don't get the result. (пытался слепить файлы в один файл моего сертификата, вставляя данные из других в него, но это не дало результатов).

Hi!

Have same warning, how u fix this?

Report message to a moderator

Previous Topic:	Kerio Connect on Mac OS Catalina
Next Topic:	Cannot connect to MyKerio

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Sat Jun 10 07:00:33 CEST 2023

Total time taken to generate the page: 0.02423 seconds