I was trying to be a little generic and generated the CSR for an SSL certificate for a clients’ new Kerio Connect mail server using the built-in Certificates functionality within Mac OS X Server Admin.
Once the certificate has been signed, it was very easy to import the signed certificate back into Mac OS X Server.
What was not clear was how to subsequently export the private key from the Mac OS X keychain so I could use it with Kerio Connect.
Found this very useful article on macosx.com with the “trick” to exporting private keys from the System keychain in Mac OS X Server.
That, however, is only have the trick. Once you have a .p12 file from Keychain Access, you need to further convert it back to a PEM formatted .key file for use with Kerio Connect.
openssl pkcs12 -in host.domain.p12 -nocerts -nodes -out host.domain.key
That does it… then you can go to the Kerio Administration interface, and select SSL Certificates under Configuration, and import the key and the certificate.
Set the new certificate as Active and then restart Kerio Connect and it is all good!