View Attach Info
This is version . It is not the current version, and thus it cannot be edited.
[Back to current version]   [Restore this version]

Here are example commands for generating your own Certificate Authority, and signing your own keys to distribute to end users. 

openssl req -newkey rsa:512 -nodes -out ca.csr -keyout ca.key
Fill in the questions. Use relevant data, but this information is only for you. 
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Texas
Locality Name (eg, city) []:Dallas
Organization Name (eg, company) [Internet Widgits Pty Ltd]:CrushFTP
Organizational Unit Name (eg, section) []:Development
Common Name (eg, YOUR name) []:www.domain.com
Email Address []:ben@crushftp.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Now we get our private key for signing. 
openssl x509 -req -trustout -signkey ca.key -days 365 -req -in ca.csr -out ca.pem
echo "02" > ca.srl
And finally, we import the public key for our signing into our trust store so we can validate all signed keys user's submit. This files name "crush.keystore_trust" is specific. It must be in the same folder as the real keystore file for the server port, and must have the exact same name and password, except its name ends with "_trust". So in this case we expect to have a keystore named "crush.keystore". 
keytool -import -alias crushftp_ca -keystore crush.keystore_trust -trustcacerts -file ca.pem -storepass password

Now from here on, we just generate new signed certs for your clients. The key part is to set their username to be "NOLOGIN_myuser" if you want to force them to still enter a user/pass. Otherwise if you set their common name to a valid username, they will be able to login without a user/pass. 

openssl req -newkey rsa:512 -nodes -out myuser.req -keyout myuser.key

openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in myuser.req -out myuser.pem -days 365
openssl pkcs12 -export -clcerts -in myuser.pem -inkey myuser.key -out myuser.p12 -name "myuser_certificate"

Add new attachment

Only authorized users are allowed to upload new attachments.
« This particular version was published on 09-Oct-2016 18:14 by Ben Spink.
G’day (anonymous guest)

OLD WIKI!!!#

New: CrushFTPv9#

OLD WIKI!!!#


CrushFTP8 | What's New

Referenced by
Encryption
HTTP(S)
IP Servers

JSPWiki