View Attach Info

Add new attachment

Only authorized users are allowed to upload new attachments.

This page (revision-6) was last changed on 09-Oct-2016 18:14 by Ben Spink

This page was created on 09-Oct-2016 18:14 by Ben Spink

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 5 changed one line
}}}
Fill in the questions. Use relevant data, but this information is only for you.
{{{
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Texas
Locality Name (eg, city) []:Dallas
Organization Name (eg, company) [Internet Widgits Pty Ltd]:CrushFTP
Organizational Unit Name (eg, section) []:Development
Common Name (eg, YOUR name) []:www.domain.com
Email Address []:ben@crushftp.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
}}}
Now we get our private key for signing.
{{{
At line 8 changed 8 lines
keytool -genkey -alias crushftp -keyalg RSA -keysize 512 -keystore crush.keystore -storepass password
keytool -certreq -keyalg RSA -alias crushftp -file crushftp.csr -keystore crush.keystore -storepass password
openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in crushftp.csr -out crushftp.crt -days 365
keytool -import -alias crushftp_ca -keystore crush.keystore -trustcacerts -file ca.pem -storepass password
keytool -import -alias crushftp -keystore crush.keystore -file crushftp.crt -storepass password
}}}
And finally, we import the public key for our signing into our trust store so we can validate all signed keys user's submit. This files name "crush.keystore_trust" is specific. It must be in the same folder as the real keystore file for the server port, and must have the exact same name and password, except its name ends with "_trust". So in this case we expect to have a keystore named "crush.keystore".
{{{
At line 19 changed one line
Now from here on, I just generate new signed certs for my clients: (making sure I give them valid common names that match usernames in CrushFTP.)
Now from here on, we just generate new signed certs for your clients. The key part is to set their username to be "NOLOGIN_myuser" if you want to force them to still enter a user/pass. Otherwise if you set their common name to a valid username, they will be able to login without a user/pass.
Version Date Modified Size Author Changes ... Change note
6 09-Oct-2016 18:14 2.78 kB Ben Spink to previous
5 09-Oct-2016 18:14 2.689 kB Ben Spink to previous | to last
4 09-Oct-2016 18:14 2.056 kB Ben Spink to previous | to last
3 09-Oct-2016 18:14 1.395 kB Ben Spink to previous | to last
2 09-Oct-2016 18:14 1.681 kB Ben Spink to previous | to last
1 09-Oct-2016 18:14 1.815 kB Ben Spink to last
« This page (revision-6) was last changed on 09-Oct-2016 18:14 by Ben Spink
G’day (anonymous guest)

OLD WIKI!!!#

New: CrushFTPv9#

OLD WIKI!!!#


CrushFTP8 | What's New

Referenced by
Encryption
HTTP(S)
IP Servers

JSPWiki