Overview

Sometimes, the MyKerio connection cannot be established, as a result managing a Kerio Connect appliance from a remote address is not possible. If you check the debug logs, with MyKerio logging enabled, you will find entries such as:

{mykerio} The certificate '*.kerio.com' was not validated.
{mykerio} Failed to verify SSL certificate: (19) self signed certificate in certificate chain.

This article describes the process of resolving this issue.

 

---

Prerequisites

Linux Kerio Connect installations such as CentOS, Ubuntu, Debian.

SSH access to the Linux server

 

---

Diagnosis

• The standard certificate packages on CentOS/Debian are not up-to-date.
• SSL certificate is not being updated automatically.

 

Back to Top 

---

Solution

1. Login as root user to the server.

2. Upgrade currently installed system packages in your Linux server.

   1. Debian: apt-get upgrade
   2. RPM: yum upgrade

3. Install gnupg2-smime (optional).

4. Restart the machine.

5. (Optional) If the Kleopatra tool is installed on CentOS:

   1. Open the terminal and run Kleopatra.
   2. Navigate to Settings > Configure Kleopatra > GnuPg System > gpg agent.
   3. Select the option: Allow clients to mark key as trusted.

6. Run the following command:

   curl http://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt

   Note: For Debian-based servers, the certificates should be added to the /etc/ssl/localcerts folder.

7. Add the trusted root certificate to the server:

   update-ca-trust enable
   update-ca-trust extract

 

Back to Top

---

Confirmation

The MyKerio connection displays Ready.

 

Back to Top