Note: If your certificate authority uses intermediate certificates, follow the steps in intermediate certificates before importing the certificate. Once you obtain your certificate signed by a certification authority, click on Import > Import Signed Certificate from CA. Save the certificate to your disk and send it to a certification authority.Select the certificate and click on the Export > Export Request button.Open section Configuration > SSL Certificates and click on New > New Certificate Request.To use a certificate signed by a trustworthy certification authority, you must first generate a certificate request, send it to a certification authority, and import a signed certificate upon receiving it. To enable the server to use this certificate, select the certificate and click on the Set as Default button ( Set as Active in older versions).Ĭreating certificates signed by a certification authority Go to section Configuration > SSL Certificates.To create a self-signed certificate, follow these steps: If you have multiple intermediate certificates, add them one by one to the server certificate file.If a certificate expires and you have already imported a new valid certificate to Kerio Connect for the same domain, delete the old certificate or restart the server to use the new valid certificate.Expired certificate for the domain hostname.Valid certificate for the domain hostname.Self-signed certificate for the domain hostname.Trusted certificate for the domain hostname.If multiple certificates exist for a single domain, Kerio Connect selects a certificate according to the following order: Kerio Connect then selects and uses the appropriate certificate. Since Kerio Connect 9.0.2, you can import certificates for different domains to Kerio Connect. Note: Subject alternative names (SAN) SSL certificates are not supported. Private key - the file is in RSA format and it has suffix.Certificate (public key) - X.509 Base64 in text format (PEM).Kerio Connect supports certificates in the following formats: Only STARTTLS and/or IMAPS connections should be allowed then, to add another layer of security.To make the communication as secure as possible, you can disable all unsecured services or set appropriate security policies. NTLM is not supported by MailStore, but can be enabled.īe aware that disabling these authentication methods force IMAP clients to send user passwords as plain text to Kerio Connect. Navigate to Configuration > Security > Security policy > Enabled authentication methods and disable CRAM-MD5 and DIGEST-MD5 authentication methods. Either the authentication method PLAIN or LOGIN or both must be enabled. Solution: Log in into Kerio Connect's admin interface. Therefore, the authentication always fails. When Kerio Connect is synchronized with an Active Directory, it never has access to the users' passwords. These methods require that Kerio Connect knows the clear text password of the user. When the IMAP server offers CRAM-MD5 or DIGEST-MD5 authentication in its capabilities, MailStore will use these authentication methods only. Problem: Kerio Connect is synchronized with an Active Directory and MailStore is synchronized with Kerio Connect. User authentication with Standard Authentication fails.Ĭause: When a user wants to log in to MailStore, MailStore passes the given user credentials to Kerio Connect's IMAP server. The MailStore user's "Login Name" has to be entered as username which is usually the user's email address. ![]() You have to use "Standard Authentication". Solution: MailStore's "Windows Authentication" only works, when MailStore is synchronized with an Active Directory directly. User authentication with Windows Authentication fails. Problem: Kerio Connect is synchronized with an Active Directory and MailStore is synchronized with Kerio Connect. Solution: Replace the certificate used by Kerio with a certificate that is trusted by MailStore or enable the option Ignore SSL Warnings in the directory services Authentication section. ![]() The connection to the IMAP server cannot be established and the provided credentials cannot be verified. Problem: MailStore connects to the Kerio IMAP server via IMAP-TLS or IMAP-SSL and the Kerio IMAP server is using a certificate that is not trusted by MailStore. ![]() Is this attempt successful, the user is able to log in to MailStore. ![]() When a MailStore user tries to log in into MailStore, MailStore passes the provided credentials to the Kerio IMAP servers and performs a log in attempt. Depending on the environment, there are different reasons that the user authentication against Kerio Connect fails.īackground: When the user synchronization is using the Kerio API, the user authentication is performed against Kerio's IMAP server.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |