This is version . It is not the current version, and thus it cannot be edited.
[Back to current version]   [Restore this version]

Here are example commands for generating your own Certificate Authority, and signing your own keys to distribute to end users.

openssl req -newkey rsa:512 -nodes -out ca.csr -keyout ca.key

openssl x509 -req -trustout -signkey ca.key -days 365 -req -in ca.csr -out ca.pem
echo "02" > ca.srl
keytool -genkey -alias crushftp -keyalg RSA -keysize 512 -keystore crush.keystore -storepass password

keytool -certreq -keyalg RSA -alias crushftp -file crushftp.csr -keystore crush.keystore -storepass password
openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in crushftp.csr -out crushftp.crt -days 365
keytool -import -alias crushftp_ca -keystore crush.keystore -trustcacerts -file ca.pem -storepass password

keytool -import -alias crushftp -keystore crush.keystore -file crushftp.crt -storepass password

keytool -import -alias crushftp_ca -keystore crush.keystore_trust -trustcacerts -file ca.pem -storepass password

openssl req -newkey rsa:512 -nodes -out myuser.req -keyout myuser.key

openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in myuser.req -out myuser.pem -days 365
openssl pkcs12 -export -clcerts -in myuser.pem -inkey myuser.key -out myuser.p12 -name "myuser_certificate"

Now from here on, I just generate new signed certs for my clients: (making sure I give them valid common names that match usernames in CrushFTP.)

openssl req -newkey rsa:512 -nodes -out myuser.req -keyout myuser.key

openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in myuser.req -out myuser.pem -days 365
openssl pkcs12 -export -clcerts -in myuser.pem -inkey myuser.key -out myuser.p12 -name "myuser_certificate"

Add new attachment

Only authorized users are allowed to upload new attachments.
« This particular version was published on 09-Oct-2016 18:14 by Ben Spink.
G’day (anonymous guest)

OLD WIKI!!!#

New: CrushFTPv9#

OLD WIKI!!!#


CrushFTP8 | What's New
JSPWiki