Ref: https://manuals.gfi.com/en/kerio/connect/content/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html
If you want to send or receive messages signed by root authorities and these authorities are not installed on the server, you must add a trusted manually.
Use the following steps to add or remove trusted root certificates to/from a server.
Mac OS X
| Add | Use command: sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/new-root-certificate.crt |
| Remove | Use command: sudo security delete-certificate -c "<name of existing certificate>" |
Windows
| Add | Use command: certutil -addstore -f "ROOT" new-root-certificate.crt |
| Remove | Use command: certutil -delstore "ROOT" serial-number-hex |
Linux (Ubuntu, Debian)
| Add | - Copy your CA to
dir /usr/local/share/ca-certificates/ - Use command:
sudo cp foo.crt /usr/local/share/ca-certificates/foo.crt - Update the CA store:
sudo update-ca-certificates
|
| Remove | - Remove your CA.
- Update the CA store:
sudo update-ca-certificates --fresh
|
NOTE
Restart Kerio Connect to reload the certificates in the 32-bit versions or Debian 7.
Linux (CentOs 6)
| Add | - Install the ca-certificates package:
yum install ca-certificates - Enable the dynamic CA configuration feature:
update-ca-trust force-enable - Add it as a new file to /etc/pki/ca-trust/source/anchors/:
cp foo.crt /etc/pki/ca-trust/source/anchors/ - Use command:
update-ca-trust extract
|
NOTE
Restart Kerio Connect to reload the certificates in the 32-bit version.
Linux (CentOs 5)
| Add | Append your trusted certificate to file /etc/pki/tls/certs/ca-bundle.crt cat foo.crt >>/etc/pki/tls/certs/ca-bundle.crt
|
NOTE
Restart Kerio Connect to reload the certificates in the 32-bit version.
No comments:
Post a Comment