Kerio Connect: Use it with free "Let's Encrypt" Certificates on IIS

"Let's Encrypt" is an organisation that provides SSL certificates for free in an automated way. While the use is simple on IIS or Apache web servers, on Kerio Connect it is a bit more complicated as it comes with its own web server. Here is how I set it up (there might be other ways, of course, please feel free to add your comments at the bottom of the page).

First, download "letsencrypt-win-simple" from

https://github.com/Lone-Coder/letsencrypt-win-simple

This tool simplifies and automates the communication with the Let's Encrypt API.

Then, make sure you have IIS enabled on your Windows 2012 R2 Server, but only have a binding to port 80 (port 443 will be used by Kerio Connect). Bind http://mail.yourmaildomain.com to IIS.

Make sure that Kerio Connect only has https enabled and not http.

Now, run letsencrypt.exe from the folder where you downloaded it. When run for the first time, it will ask you for your email address and to accept the TOS. It will present you with all the current bindings from IIS. Choose mail.yourmaildomain.com.

It will now create the certificate for your mail server. Two files are important

mail.yourmaildomain.com-crt.pem
mail.yourmaildomain.com-key.pem

They can be found here:

C:\Users\<username>\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org

From Kerio Web Admin > SSL Certificates, import the certificate and make it the default certificates. Delete any other certificates.

This results in 2 files in

C:\Program Files\Kerio\MailServer\sslcert

server.crt
server.key

You should now be able to go to the Kerio Connect login web page with

https://mail.yourmaildomain.com

If you look at the certificate it should list "Let's Encrypt Authority" as the issuer and it shoul show a green padlock.

Renewal

Let's Encrypt certificates expire after 90 days, so you should create a schedules task that renews the certificates and copies them to

C:\Program Files\Kerio\MailServer\sslcert

overwriting server.crt and server.key

Outlook: Disable Auto-Complete of your own Name

Outlook has an editor feature that suggests to insert your full name whenever you start typing your first name. This is really annoying because you might want to use only your first name for signing off your emails (i.e. "Regards, John", instead of "Regards, John Doe").

You can switch it off, but not in the auto-correct or auto-format options, as you might have expected. Outlook has hidden it under "Quick Parts" and "Building Blocks". Here is how to disable this annoying feature:

  • Create a new e-mail message
  • Make sure you have selected HTML as the mail format ("Format Text" tab > HTML)
  • Click into the body text area and from the "Insert" tab, select "Quick Parts" and then "AutoText"
  • Right-click one of the quick parts and select "Organize and delete", this will open something called the "Building blocks organizer".
  • Remove the Quick Parts containing your name

Voila - the annoying auto-complete of your name is gone.

You can also disable the whole "Auto-Complete" feature, but this will stop all auto-complete functionality:

  • Go to File > Options > Mail > Spelling and AutoCorrect > Advanced
  • Then disable the option "Show AutoComplete suggestions".