It is necessary to install the certificate on the client station only in the following cases:
If MS Outlook extended by the Kerio Outlook Connector is used on the station and secured HTTP traffic is desired between the server and the client (typically when the Free/Busy server is used). In such a case, it is necessary to install the certificate, otherwise the communication will not work.
If MS Entourage is used and its services are planned to be secured by SSL encryption. In such a case, it is necessary to install the certificate, otherwise the communication will not work.
For connections to Kerio WebMail over HTTPS. If the certificate is not installed, an alert warning of the fact is displayed upon each login (see figure 16.1 Security Alert).
The simplest way to install a certificate is to use a web browser.
Internet Explorer is helpful where the certificate is to be installed to the MS Outlook store (Internet Explorer and MS Outlook share the same certificate store) or where connection to Kerio WebMail is to be performed over HTTPS.
To install a certificate, follow these instructions:
Run Internet Explorer and specify the corresponding URL to log in to Kerio WebMail. An SSL-secured protocol must be used for the connection to the server. This implies that the URL should start with https:// (example: https://mail.company.com/).
The Security Alert dialog will be opened (see figure 16.1 Security Alert). In this dialog, click on .
In the dialog with certificate details displayed, click on the button.
A certificate installation wizard is opened. There is nothing to be set in the wizard. Simply confirm all settings and close the wizard to install the certificate.
An SSL certificate is required whenever applications are to communicate with Kerio MailServer by SSL-secured services. The Kerio MailServer certificate can be installed by using the Safari browser (simply connect to the Kerio WebMail interface via https://):
Run Safari and specify the corresponding URL to log in to Kerio WebMail. An SSL-secured protocol must be used for the connection to the server. This implies that the URL should start with https:// (example: https://mail.company.com/).
Before the Kerio WebMail's login page is opened, an alert is displayed informing that the system is not able to authorize the server to which you are connecting since the certificate is authorized by an unknown authority (see figure 16.4 Alert on an untrustworthy certificate).
The alert dialog contains the button. Click on it to show the certificate (see figure 16.5 Certificate Details).
Use the mouse pointer to move the certificate's icon to the desktop, as shown in figure 16.6 Moving the certificate to the desktop.
The next steps depend on the Mac OS X version. For Mac OS X 10.4, apply the following procedure:
On the desktop, click on the certificate. In the Add Certificates dialog box (see figure 16.7 The Add Certificates dialog box), select the X509Anchors store type in the Keychain menu. The X509Anchors store includes saved certificates which can sign and thus make trustworthy other certificates. It also stores all trustworthy certificates.[5]
Administration password is required if you are not logged in as a root user or as an administrator.
Along with the Add Certificates dialog, the Keychain Access store is opened. If not, it can be found in .
In the Keychain Access application, switch to the Certificates tab.
Check that the certificate has appeared in the certificate list.
For Mac OS X 10.5 Leopard, follow these instructions:
On the desktop, click on the certificate. In the Add Certificates window (see figure 16.8 The Add Certificates dialog box), select the System option in the Keychain menu (all system users will be allowed to use the certificate) or Login (only authenticated users will be allowed to use the certificate). Click OK to confirm changes.
The Keychain Access application is started, asking for confirmation that you really want to install the certificate. Confirm the dialog by entering username and password for an account with administration rights.
To install an SSL certificate on mobile devices, use Internet Explorer. Import and installation processes vary, depending on the device type. Instructions on installation of SSL certificates for all supported devices can be found in chapter 36.4 SSL encryption.
[5] Certificates work only if they are in the X509 format, encoded by Base64. If a certificate does not meet these conditions, it is possible to convert it by a special application, Microsoft Cert Manager. This application can be found under . However, in this case usage of the application would be irrelevant. Kerio MailServer creates certificates in the X509 format, encoded by Base64.
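The following is an added example, not part of the Kerio documentation: a Python check to run on a saved certificate file before adding it to a trusted store. It reports whether the file is Base64-encoded (the condition in footnote [5]) or raw DER, and compares its fingerprint with one obtained from the server administrator. The use of a SHA-256 fingerprint published out of band is an assumption, and the sample bytes are constructed filler, not a real certificate.

```python
import base64, binascii, hashlib, hmac, re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed stand-in, NOT a real certificate: only the outer DER framing
# (SEQUENCE tag 0x30 + 2-byte length 0x0100) is valid, the body is filler.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

def check_der_framing(der):
    """Reject data whose outer DER SEQUENCE does not span the whole file."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE, so not an X.509 certificate")
    if der[1] < 0x80:                      # short form: length in one byte
        header, length = 2, der[1]
    else:                                  # long form: next n bytes hold the length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("malformed DER length")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("truncated file or trailing data")

def to_der(data):
    """Return (encoding, der_bytes); encoding is 'base64' or 'der'."""
    m = PEM_RE.search(data)
    if m:
        try:
            der = base64.b64decode(b"".join(m.group(1).split()), validate=True)
        except binascii.Error as exc:
            raise ValueError("PEM armor found but body is not Base64") from exc
        encoding = "base64"
    else:
        encoding, der = "der", data
    check_der_framing(der)
    return encoding, der

def fingerprint(der):
    """SHA-256 over the DER bytes, as colon-separated upper-case hex."""
    return ":".join(f"{b:02X}" for b in hashlib.sha256(der).digest())

def matches_published(data, published):
    """Compare a file's fingerprint with one obtained out of band."""
    norm = lambda s: re.sub(r"[^0-9a-f]", "", s.lower())
    return hmac.compare_digest(norm(fingerprint(to_der(data)[1])), norm(published))

if __name__ == "__main__":
    print(to_der(SAMPLE_PEM)[0], fingerprint(SAMPLE_DER))
```

The check covers only the encoding and the outer framing of the file; it does not validate the certificate's contents or signature.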