

<pre>
Portecle is a free open source program that can help with certificate management.  [http://portecle.sourceforge.net/]

Portecle runs on any OS.  Here is a guide on creating a new certificate.

-----

Run portecle directly from the portecle website.  Click the link to download, and run the application.  (Portecle requires java to be installed on your machine to run.)\\
[http://portecle.sourceforge.net/webstart/portecle.jnlp]

Select new keystore from the file menu.

[attachments|new_keystore.png]

Use the default JKS format.

[attachments|jks.png]

Now, select generate key pair from the tools menu.

[attachments|generate_keypair.png]

Select your bit strength.

[attachments|bits.png]

Fill in the information about you or your company.  Make sure the common name is your website host address.

[attachments|cert_info.png]

Use an alias name that is the default of your website name.

[attachments|alias.png]

Use a password that will be used again later for the keystore password.  Make it the same.

[attachments|password.png]

Now right click on your key pair and select generate certification request.

[attachments|csr.png]

Save the csr to your desktop or somewhere else.

[attachments|save_csr.png]

Get your CSR signed by your certificate authority.  (This process is different for every cert authority.  But the files you download after they have signed it should be in the Java or Tomcat format for simplicity.  Do not get a bundle, but get the individual files.)

Now import the certificates given to you by your certificate authority.  These are usually things like root, or intermediate, etc.

[attachments|import_cert.png]

Now be sure to trust the certificate authorities builtin certificate, or else this next step will fail  Go to the tools menu in Portecle, and select Options.  Enable 'Use CA Certs Keystore'.

[attachments|portecle_options.png]

Now, import the &quot;signed&quot; version of your certificate file using the right click Import CA Reply menu.

[attachments|import_reply.png]

The next popup will be a request for you to enter the password for your CA Certs keystore file.  The password here is 'changeit'.  Enter that.

[attachments|cacerts_pass.png]

After this you may be asked for your cert password from the earlier steps.  Enter it if prompted.
\\
\\

And finally, save your keystore with a .jks extension if its .jks or if its a pkcs12 format, then use .pfx for the extension.

[attachments|save.png]

Now you can reference this keystore in CrushFTP under the server preferences, Encryption, SSL tab.  Or you can set it specifically on the advanced tab of a particular port.

</pre>