GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from https://support.gfi.com.

Home » GFI User Forums » Kerio Connect » Kerio 9.4, Letsencrypt and Multiple Domains
Kerio 9.4, Letsencrypt and Multiple Domains [message #150915] Fri, 21 January 2022 15:43 Go to next message
dbosiljevac is currently online  dbosiljevac
Messages: 15
Registered: April 2015
Hey all,

I have several domains that I host on my instance of KC. I currently use an NGINX proxy with Certbot in front of my KC for automatic LetsEncrypt certificate renewal on the all domains. Basically, I get a single certificate issued with multiple SAN names.

Has anyone successfully implemented the new KC 9.4 LetsEncrypt functionality with multiple domains?

Thanks,

Dave
Re: Kerio 9.4, Letsencrypt and Multiple Domains [message #150946 is a reply to message #150915] Tue, 25 January 2022 09:01 Go to previous messageGo to next message
ikheetleon is currently offline  ikheetleon
Messages: 31
Registered: January 2008
Yes, I have. You can create multiple Let'sEncrypt certificates (Kerio v9.4). You cannot create SAN's. So for each domainname, you have to create a separate certificate. Keep in mind that if you use the autodiscover feature, that you also need an additional certificate for this.

In my case I have 7 domains running on Kerio, so I have 14 Lets Encrypt certificates.

webmail.domain1.tld
autodiscover.domain1.tld
webmail.domain2.tld
autodiscover.domain2.tld
Re: Kerio 9.4, Letsencrypt and Multiple Domains [message #150948 is a reply to message #150946] Tue, 25 January 2022 16:59 Go to previous messageGo to next message
dbosiljevac is currently online  dbosiljevac
Messages: 15
Registered: April 2015
Interesting. How does that work with the HTTPS server built into Kerio? Are all certificates considered "active" and the HTTPS process uses all of them?

I thought a single HTTPS process could only use a single certificate at a time.

Thanks,

Dave
Re: Kerio 9.4, Letsencrypt and Multiple Domains [message #150955 is a reply to message #150948] Wed, 26 January 2022 16:52 Go to previous messageGo to next message
ikheetleon is currently offline  ikheetleon
Messages: 31
Registered: January 2008
There is one default/standard certificate, the rest is additional.

This is the method used: https://en.wikipedia.org/wiki/Server_Name_Indication
Re: Kerio 9.4, Letsencrypt and Multiple Domains [message #150956 is a reply to message #150955] Wed, 26 January 2022 19:14 Go to previous message
dbosiljevac is currently online  dbosiljevac
Messages: 15
Registered: April 2015
Thanks. Ironically, I read that same Wikipedia article yesterday.

Previous Topic: How many users
Next Topic: MFA IP whitelist
Goto Forum:
  


Current Time: Mon Oct 02 05:51:54 CEST 2023

Total time taken to generate the page: 0.05534 seconds