This is version . It is not the current version, and thus it cannot be edited.
[Back to current version]   [Restore this version]

Here is an example on how to make a certificate request for an authority.

(I am going to use GoDaddy for my example, but the same would be similar for other certificate authorities as well.) I purchased a cheap chained certificate from godaddy. I chose the "Tomcat" type of certificate as CrushFTP works the same way as tomcat for certificates. I substituted "crushftp" instead of "tomcat" though. It really doesn't matter however.

  • PART 1
Here are the commands I issued from an OS X terminal: (These commands work on windows, linux, etc. They are Java commands, and not OS X commands. Download a Java JDK for windows, and use the applications in the BIN directory in the same way as I list out below.)
keytool -genkey -keysize 2048 -alias crushftp -keyalg RSA -keystore crushftp.keystore
You will be prompted for a password here...REMEMBER it!

Re-enter the password.

What is your first and last name?

Be sure to enter the domain name as it will appear in the browser. Do not enter your name.

  [Unknown]:  www.crushftp.com
What is the name of your organizational unit?
  [Unknown]:  server
What is the name of your organization?
  [Unknown]:  Ben Spink
What is the name of your City or Locality?
  [Unknown]:  YourCityHere
What is the name of your State or Province?
  [Unknown]:  YourStateHere
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=www.crushftp.com, OU=server, O=Ben Spink, L=YourCityHere, ST=YourStateHere, C=US correct?
  [no]:  yes
Type "yes" if the above is accurate and correct.
Enter key password for -crushftp-
  (RETURN if same as keystore password):
Do yourself a favor and use the same password (just hit return, or re-key it.)
  • PART 2

You now have a self singed cert waiting to be signed by a certificate authority. Now we get make a certificate request that we give to GoDaddy to sign.

keytool -certreq -keyalg RSA -alias crushftp -file crushftp.csr -keystore crushftp.keystore

Enter keystore password:
Enter your password you used from above.

Now you take this resulting "crushftp.csr" file and copy its contents and paste into GoDaddy's CSR request page.

  • WARNING! Keep your "crushftp.keystore" file! (Maybe even make a backup of it just in case you make a mistake in step 3.) You must have this original keystore file to apply the signed certificate GoDaddy gives back.
  • PART 3

After completing the cert request through GoDaddy, you will be given a link to download your certificate package. This .zip file expands into a folder with the following files:

gd_bundle.crt
gd_cross_intermediate.crt
gd_intermediate.crt
www.crushftp.com.crt

(Instead of www.crushftp.com.crt, you will have one corresponding to your domain.)

You still need one more file. Go to GoDaddy to get their root certificate: https://certificates.starfieldtech.com/Repository.go

Download the "valicert_class2_root.crt" file. Place it in the same folder with all the other certificates.

Copy in your "crushftp.keystore" file created above in Part 1. Be sure to use a COPY in case anything goes wrong, you can go back to your backup you made!

Now a few more command lines to finish building your fully trusted certificate. The password is the one from part 1.

keytool -import -alias root -keystore crushftp.keystore -trustcacerts -file valicert_class2_root.crt
Trust this certificate? [no]:  yes
Certificate was added to keystore<br/>
keytool -import -alias cross -keystore crushftp.keystore -trustcacerts -file gd_cross_intermediate.crt
keytool -import -alias intermed -keystore crushftp.keystore -trustcacerts -file gd_intermediate.crt ]
Finally import your signed certificate which updates your pre-existing unsigned certificate.
keytool -import -alias crushftp -keyalg RSA -keystore crushftp.keystore -trustcacerts -file www.crushftp.com.crt
(Substitute your certificates name instead of "www.crushftp.com.crt".)

Now the resulting crushftp.keystore is a complete signed certificate chain. Place this file where ever you like, but that might as well be in the CrushFTP folder. Then go to the preferences of CrushFTP. Choose encryption on the left, then SSL. Browse and locate your crushftp.keystore file.

For the passwords, enter in the password you used above everywhere. Set both the keystore password and the cert password. They should be the same as long as you followed directions above.

Lastly, either restart CrushFTP, or choose stop all servers, start all servers to make the server items load the new certificate.

If you already have a certificate for Apache, you may be able to convert it to a Java keystore and use it with CrushFTP. I provide this information untested, but it in theory looks like it would work.

http://www.ks.uiuc.edu/Research/biocore/localServer/install/installCert.shtml

Add new attachment

Only authorized users are allowed to upload new attachments.
« This particular version was published on 09-Oct-2016 18:14 by Ben Spink.
G’day (anonymous guest)

OLD WIKI!!!#

New: CrushFTPv9#

OLD WIKI!!!#


CrushFTP8 | What's New

Referenced by
SSL

JSPWiki