SSL certificates and their use are focused in the manual.
SSL certificates are maintained in section :
A certificate can be created by clicking on button:
If you wish to obtain a full certificate, you must create a certificate request, export it from Kerio Connect and send it to a public certification authority (for example Verisign, Thawte, SecureSign, SecureNet, Microsoft Authenticode and so on).
A full certificate is not necessarily needed. V Kerio Connect, so called self-signed certificate can be created (certificated signed by itself). This certificate ensures security for your clients as it explicitly shows the identity of your server. The clients will be notified by their web browsers that the certification authority is not trustworthy. However, since they know who created the certificate and for what purpose, they can install it.
New Certificate dialogue is the same for creating both a new certificate and a request for a certificate. The Hostname and Country entries are required fields:
Fill in the name of the host on which Kerio Connect is running
The name of your organization.
Fill in only if the organization consists of more than one unit.
Fill in the city where the organization's office is located.
Fill in the state where the organization's office is located.
Choose from the list. This entry is required.
Fill in the time when the certificate is valid.
A new certificate will be used the next time Kerio Connect Engine is started. If you wish to use it immediately, stop the Engine and then start it again.
When confirmed, the server.crt and server.key files are created under sslcert.
Use the button to import a new certificate to Kerio Connect, regardless if certified by a certification authority or a new one.
Use this button to export an active certificate, a certification request or a private key. You can send an exported certificate request to a certification authority.
Using the button you can remove a selection (a certificate or a certification request).