This is version . It is not the current version, and thus it cannot be edited.
[Back to current version]   [Restore this version]

Getting a valid certificate is easy with CrushFTP.

Renewing a Certificate
#

Skip ahead to step 2, and create your CSR from your existing keystore files. Then continue on.

New Certificate#


1.)#

Starting from scratch, go to your Preferences, Encryption, SSL tab. Click 'Generate Now' on the Step 1 section.
attachments

Fill in the information about your company.
attachments

This will create the java key store for you (the .JKS file). This holds your certificate private key, the critical part you never want to loose or give away.

2.)#

Create the CSR using the Step 2 button. This CSR item is of no value except for this temporary signing step. Its your .JKS file that is *very* important, as is the password protecting it.
attachments
From this private key in your keystore, a Certificate Signing Request (CSR) file is generated, and this is the text that pops up for you. Copy this to your clipboard, and go paste this into your cert authority's requesting page. (GoDaddy, Verisign, DigiCert, Thawte, etc.)

3.)#

They will do their necessary verifications for the cert your requesting, and when done will give you your certificate. Now import the certificates given to you by your certificate authority. These are usually things like root, or intermediate, etc. Use the step 2 button to do this.

The keystore path info is probably pre-filled out for you from the step 1. If not, fill it in, and re-enter the password.
The certificate reply file is different than the rest. Its a specific file that is only valid for your private key in your JKS keystore file. Some vendors label it with your domain name, or a series of hex characters, etc.
The trusted certs are everything else. Typically these are a bundle file, or they can be stand alone intermediate and root certificate files. Add them all here one time.
Click import, and it will report if there are any errors.
attachments


4.)#

On most Operating Systems Java ships crippled by default due to US export laws. Its extremely annoying, but you must manually copy a couple files into your java install to allow CrushFTP to use strong cryptography keys (almost all keys these days.)

These policy files must be downloaded manually and installed in your Java lib/security folder.

Java6: http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
Java7: http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
Java8: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
You may also search google for: 'java unlimited cryptography policy files'

OS X Java 6 install location: /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home/lib/security/
OS X Java 7 install location: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/
Windows install location: C:\Program Files\Java\jre6\lib\security\ or C:\Program Files\Java\jre7\lib\security

Don't forget to restart the Https port on Admin, ServerAdmin tab, for the changes to the certificate to take effect.

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
png
generate.png 56.9 kB 1 25-Oct-2018 04:31 Ben Spink
png
generate_button.png 38.0 kB 1 25-Oct-2018 04:31 Ben Spink
png
import.png 71.1 kB 1 25-Oct-2018 04:31 Ben Spink
png
sign.png 75.6 kB 1 25-Oct-2018 04:31 Ben Spink
« This particular version was published on 25-Oct-2018 04:31 by Ben Spink.
G’day (anonymous guest)
CrushFTP9 | What's New
JSPWiki