[11/Sep/2019 07:29:16] cert_mgr.cpp: Cannot open SSL certificate file C:\Program Files\Kerio\MailServer/sslcert/server1.crt : error:02001002:system library:fopen:No such file or directory

• server.crt
  
• server.key
  
• server1.key
  

I've discovered that we have a SSL certificate problem. When I check Configuration - SSL Certificates - Certificate Details, I see the warning "Untrusted certificate - unable to get certificate CRL".

I then checked the Kerio Connect Error Log and found that this has been a problem since last year. The repeating error is

Quote:

[11/Sep/2019 07:29:16] cert_mgr.cpp: Cannot open SSL certificate file C:\Program Files\Kerio\MailServer/sslcert/server1.crt : error:02001002:system library:fopen:No such file or directory

I checked the directory referenced in the error message and indeed there was no file "server1.crt". There were three files...

• server.crt
  
  
• server.key
  
  
• server1.key
  

I searched our backup files and could find no instance of "server1.crt".

We got the key from GoDaddy in 2018 and it was supposed to be good for 11/5/2018 - 11/5/2020.

Do I need to delete and then re-install the certificate?

• In Kerio Connect Console
  
• In Kerio Connect Console, go to Configuration - SSL Certificate.
  
• Open New - New Certificate Request.
  
• Fill in the hostname. I filled in the other fields accept "Organization unit" but that doesn't get used in the certificate. Then click "OK".
  
• Open the resulting .csr entry and copy the contents of the encrypted text box.
  
• Log into GoDaddy acct.
  
• Go to the "Certificates" page.
  
• Select the certificate you want to process.
  
• Select "ReKey & Manage".
  
• Click the "+" icon next to "Rekey certificate".
  
• Paste the text you copied from the Kerio .csr into the CSR text box on GoDaddy.
  
• Click "Save".
  
• Click "Submit All Saved Changes".
  
• Go back to the "Certficates" screen. You should see a "Pending" status. This will update ( in my case about 3 minutes).
  
• When the status changes to "Certificate issued", click on the certificate name.
  
• In the next screen, click on "Download"
  
• In the next screen, click the "Server Type" drop-down and select "Other".
  
• Then click "Download Zip File".
  
• Save the file to a location accessible to your Kerio Connect server.
  
• Unzip the file.
  
• In Kerio Connect Console, go to Configuration - SSL Certificate.
  
• Select "Import - "Import Signed Certificate from CA"
  
• In the resulting screen, click on "Select" from the "Certificate file" box.
  
• Navigate to where you unzipped the GoDaddy file and select the .crt file with the hexedicimal name.
  
• Click "Import". Now there will be two "Go Daddy Secure Certificate Authority - G2" entries. In our case, the non-funtioning one will have an amber "!" next to it and the other will have a green "checkmark".
  
• Opposite mouse-click on the green certificate and make it the default.
  
• Remove the non-functioning certificate.