Troubleshooting SSL certificates

Issue Encountered

Kerio Control displays a warning when it detects any certificate-related problems with VPNVirtual private network - A network that enables users connect securely to a private network over the Internet. Clients.

Possible causes

Certificate-related problems are often caused by one of the following issues:

  • The date of the certificate is not valid and you need to generate a new one in Kerio Control.
  • The security certificate has been changed at the server since the last check.
  • The certificate was issued by an untrusted authority. Operating systems where Kerio Control VPN Clients are installed can have a problem with self-signed certificates or certificates issued by your local certification authority.
  • The name referred to the certificate does not match the server name. It means that the name of the server specified in the certificate does not correspond with the name of the server Kerio Control VPN Client is connecting to. This problem occurs when the server uses an invalid certificate or when the server name has changed. However, it can also suggest at an intrusion attempt (a false DNSDomain Name System - A database enables the translation of hostnames to IP addresses and provides other domain related information. record with an invalid IP addressAn identifier assigned to devices connected to a TCP/IP network. has been used).


Certificates can be issued only for servers' DNS names, not for IP addresses.

Possible Solutions

If you consider the Kerio Control server trustworthy, confirm the warning. Kerio Control VPN Client saves the certificate.

Generate a new certificate using Kerio Control. For more information refer to Configuring SSL certificates in Kerio Control.

Export a certificate of the Kerio Control local authority in PEM format to install it to users' browsers. For more information refer to Exporting and importing Kerio Control local authority as root certificate.