16.2  Install certificates on client stations

Only in the following cases it is necessary to install certificate on the client station:

The simplest way to install a certificate is to use a web browser.

Installation in Internet Explorer

Internet Explorer is helpful where the certificate is to be installed to the MS Outlook store (Internet Explorer and MS Outlook share the same certificate store) or where connection to Kerio WebMail is to be performed over HTTPS.

To install a certificate, follow these instructions:

  1. Run Internet Explorer and specify the corresponding URL to login to Kerio WebMail. SSL-secured protocol must be used for the connection to the server. This implies that the URL should start with https:// (example: https://mail.company.com/).

  2. The Security Alert dialog will be opened (see figure 16.1  Security Alert). In this dialog, click on View certificate.

  3. In the dialog with certificate details displayed, click on the Install certificate button.

  4. A certificate installation wizard is opened. There is nothing to be set in the wizard. Simply confirm all settings and close the wizard to install the certificate.

Installation in Safari

SSL certificate is required whenever applications are to communicate with Kerio MailServer by SSL-secured services. The Kerio MailServer certificate can be installed by using the Safari browser (simply connect to the Kerio WebMail interface via https://):

  1. Run Safari and specify the corresponding URL to login to Kerio WebMail. SSL-secured protocol must be used for the connection to the server. This implies that the URL should start with https:// (example: https://mail.company.com/).

  2. Before the Kerio WebMail's login page is opened, an alert is displayed informing that the system is not able to authorize the server to which you are connecting since the certificate is authorized by an unknown authority (see figure 16.4  Alert on an untrustworthy certificate).

    Alert on an untrustworthy certificate

    Figure 16.4. Alert on an untrustworthy certificate


  3. The alert dialog contains the Show certificate button. Click on it to show the certificate (see figure 16.5  Certificate Details).

    Certificate Details

    Figure 16.5. Certificate Details


  4. Use the mouse pointer to move the certificate's icon to the desktop, as shown at figure 16.6  Moving the certificate to the desktop.

    Moving the certificate to the desktop

    Figure 16.6. Moving the certificate to the desktop


Now the Mac OS X version plays role. For Mac OS X 10.4, apply the following procedure:

  1. On the desktop, click on the certificate. In the Add Certificates dialog box (see figure 16.7  The Add Certificates dialog box), select the X509Anchors store type in the Keychain menu. The X509Anchors store includes saved certificates which can sign and thus make trustworthy other certificates. It also stores all trustworthy certificates.[5]

    The Add Certificates dialog box

    Figure 16.7. The Add Certificates dialog box


  2. Administration password is required if you are not logged in as a root user or as an administrator.

  3. Along with the Add Certificates dialog, the Keychain Access store is opened. If not, it can be found in Applications → Utilities → Keychain Access.

  4. In the Keychain Access application, switch to the Certificates tab.

  5. Check that the certificate has appeared in the certificate list.

For Mac OS X 10.5 Leopard, follow these instructions:

  1. On the desktop, click on the certificate. In the Add Certificates window (see figure 16.8  The Add Certificates dialog box), select the System option in the Keychain menu (all system users will be allowed to use the certificate) or Login (only authenticated users will be allowed to use the certificate). Click OK to confirm changes.

    The Add Certificates dialog box

    Figure 16.8. The Add Certificates dialog box


  2. The Keychain Access application is started, asking for confirmation that you really want to install the certificate. Confirm the dialog by entering username and password for an account with administration rights.

Installation on mobile devices

To install SSL certificate on mobile devices, use Internet Explorer. Import and installation processes vary, depending on a device type. Instructions on installation of SSL-certificates for all supported devices can be found in chapter 36.4  SSL encryption.



[5] Certificates work only if they are in the X509 format, encoded by Base64. If a certificate does not meet these conditions, it is possible to convert it by a special application, Microsoft Cert Manager. This application can be found under Applications → Microsoft Office → Office → Microsoft Cert Manager. However, in this case usage of the application would be irrelevant. Kerio MailServer creates certificates in the X509 format, encoded by Base64.