Here are example commands for generating your own Certificate Authority, and signing your own keys to distribute to end users.
openssl req -newkey rsa:512 -nodes -out ca.csr -keyout ca.keyFill in the questions. Use relevant data, but this information is only for you.
Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:Texas Locality Name (eg, city) []:Dallas Organization Name (eg, company) [Internet Widgits Pty Ltd]:CrushFTP Organizational Unit Name (eg, section) []:Development Common Name (eg, YOUR name) []:www.domain.com Email Address []:ben@crushftp.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:Now we get our private key for signing.
openssl x509 -req -trustout -signkey ca.key -days 365 -req -in ca.csr -out ca.pem echo "02" > ca.srlAnd finally, we import the public key for our signing into our trust store so we can validate all signed keys user's submit. This files name "crush.keystore_trust" is specific. It must be in the same folder as the real keystore file for the server port, and must have the exact same name and password, except its name ends with "_trust". So in this case we expect to have a keystore named "crush.keystore".
keytool -import -alias crushftp_ca -keystore crush.keystore_trust -trustcacerts -file ca.pem -storepass password
Now from here on, we just generate new signed certs for your clients. The key part is to set their username to be "NOLOGIN_myuser" if you want to force them to still enter a user/pass. Otherwise if you set their common name to a valid username, they will be able to login without a user/pass.
openssl req -newkey rsa:512 -nodes -out myuser.req -keyout myuser.key openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in myuser.req -out myuser.pem -days 365 openssl pkcs12 -export -clcerts -in myuser.pem -inkey myuser.key -out myuser.p12 -name "myuser_certificate"
Add new attachment
Only authorized users are allowed to upload new attachments.
List of attachments
| Kind | Attachment Name | Size | Version | Date Modified | Author | Change note |
|---|---|---|---|---|---|---|
jpg |
Clipboard01.jpg | 262.2 kB | 1 | 29-Dec-2020 05:25 | Ada Csaba | |
jpg |
Clipboard02.jpg | 50.9 kB | 1 | 29-Dec-2020 05:25 | Ada Csaba | |
jpg |
Clipboard03.jpg | 93.9 kB | 1 | 29-Dec-2020 05:25 | Ada Csaba | |
jpg |
Clipboard04.jpg | 281.0 kB | 1 | 29-Dec-2020 05:25 | Ada Csaba | |
jpg |
Clipboard05.jpg | 157.8 kB | 1 | 29-Dec-2020 05:25 | Ada Csaba | |
jpg |
Clipboard06.jpg | 176.1 kB | 1 | 29-Dec-2020 05:25 | Ada Csaba | |
jpg |
Clipboard07.jpg | 153.7 kB | 1 | 29-Dec-2020 05:25 | Ada Csaba | |
jpg |
Clipboard08.jpg | 180.0 kB | 1 | 29-Dec-2020 05:25 | Ada Csaba | |
jpg |
Clipboard09.jpg | 73.7 kB | 1 | 29-Dec-2020 05:25 | Ada Csaba | |
jpg |
Clipboard10.jpg | 118.9 kB | 2 | 29-Dec-2020 05:25 | Ada Csaba | |
jpg |
Clipboard11.jpg | 118.9 kB | 1 | 29-Dec-2020 05:25 | Ada Csaba |
«
This particular version was published on 29-Dec-2020 05:25 by Ben Spink.
G’day (anonymous guest)
Log in
CrushFTP10 | What's New
- WebInterface
- Server Admin
- User Manager
- Client Apps
- CrushBalance Load Balancer
- High Availability
- Self Registration
- Preferences
- Email Templates
- Restrictions
- Replication
- Banning
- Logging
- Encryption
- Alerts
- Folder Monitor
- Tunnels
- Syncs
- User Config
- Search Config
- Preview
- Misc
- Plugins
- FAQ
- API
- Linux Install
- Virtual Linux Server
- Server Variables
- Google Authenticator and Microsoft Authenticator
JSPWiki