Configuring SSL certificates

To secure the PBXPrivate Branch Exchange - System that connects telephone extensions and switches calls. by SSLSecure Sockets Layer - A protocol that ensures integral and secure communication between networks./TLS encryption, you need a SSL certificate. SSL certificates authenticate an identity on a server.

Kerio Operator creates the first self-signed certificate during the installation. The server can use this certificate but users will have to confirm they want to go to an untrustworthy page. To avoid this, generate a new certificate request in Kerio Operator and send it to a certification authority for authentication.

WARNING

If you use the Safari browser in your environment (on Apple iPhone, Apple iPad, Mac OS X systems and on Microsoft Windows), you will not be able to play voice messages in Kerio Phone on their devices with a self-signed certificate. You must have a trustworthy certificate available.

If you use a self-signed certificate, users with Apple mobile devices will not be able to play voice messages in Kerio Phone on their devices. They must have a trustworthy certificate available.

To encrypt the communication between Kerio Operator and hardware phones (and only a self-signed certificate available), you have to import or configure information in the phones that the invalid certificate is to be ignored.

Creating self-signed certificates

To create a self-signed certificate, follow these instructions:

  1. In the Kerio Operator administration interface, open section Definitions > SSL Certificates.
  2. Click New > New Certificate.
  3. In the New Certificate dialog box, type the hostname of Kerio Operator, the official name of your company, city and country where your company resides and the period of validity. The Hostname and Country entries are required fields.
  4. Click OK.
  5. To enable the server to use this certificate, select the certificate and click Set as Active.

Creating certificates signed by certification authority

If you wish to create and use a certificate signed by a trustworthy certification authority, follow these instructions:

  1. In the Kerio Operator administration interface, open section Definitions > SSL Certificates.
  2. Click New > New Certificate Request.
  3. In the New Certificate Request dialog box, type the hostname of Kerio Operator, the official name of your company, city and country where your company resides and the period of validity. The Hostname and Country entries are required fields.
  4. Click OK.
  5. Select the certificate and click Export.
  6. Save the certificate to your disk and email it to a certification organization.
  7. Once you obtain your certificate signed by a certification authority, go to Definitions > SSL Certificates.
  8. Click Import.
  9. To enable the server to use this certificate, select the certificate and click Set as Active.

Intermediate certificates

Kerio Operator supports intermediate certificates.

To add an intermediate certificate to Kerio Operator, follow these steps:

  1. In a text editor, open the server certificate and the intermediate certificate.
  2. Copy the intermediate certificate into the server certificate file and save. The file may look like this:
-----BEGIN CERTIFICATE-----
MIIDOjCCAqOgAwIBAgIDPmR/MA0GCSqGSIb3DQEBBAUAMFMxCzAJBgNVBAYTAl
MSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMR0wGwYDVQ
     ..... this is a server SSL certificate ...
ukrkDt4cgQxE6JSEprDiP+nShuh9uk4aUCKMg/g3VgEMulkROzFl6zinDg5grz
QspOQTEYoqrc3H4Bwt8=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDMzCCApygAwIBAgIEMAAAATANBgkqhkiG9w0BAQUFADCBxDELMAkGA1UEBh
WkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR
     ..... this is an intermediate SSL certificate which 
           signed the server certificate...
5BjLqgQRk82bFi1uoG9bNm+E6o3tiUEDywrgrVX60CjbW1+y0CdMaq7dlpszRB
t14EmBxKYw==
-----END CERTIFICATE-----
  1. In the administration interface, go to section Definitions > SSL Certificates.
  2. Import the modified server certificate by clicking on Import > Import a New Certificate.

NOTE

If you have multiple intermediate certificates, add them one by one to the server certificate file.

Securing Kerio Phone with SSL certificates

For more information about securing Kerio Phone, see the Securing Kerio Phone with SSL certificates section in the Provisioning for Kerio Phone topic.