

<pre>
Getting a valid certificate is easy with CrushFTP.

!!Renewing a Certificate\\
Skip ahead to step 2, and create your CSR from your existing keystore files.  Then continue on.

!!New Certificate
----
!!1.)
Starting from scratch, go to your Preferences, Encryption, SSL tab.  Click 'Generate Now' on the Step 1 section.\\
[attachments|generate_button.png]\\
\\
Fill in the information about your company.\\
[attachments|generate.png]\\
\\
This will create the java key store for you (the .JKS file).  This holds your certificate private key, the critical part you never want to loose or give away.

----
!!2.)
Create the CSR using the Step 2 button. This CSR item is of no value except for this temporary signing step.  Its your .JKS file that is *very* important, as is the password protecting it.\\
[attachments|sign.png]\\
From this private key in your keystore, a Certificate Signing Request (CSR) file is generated, and this is the text that pops up for you.  Copy this to your clipboard, and go paste this into your cert authority's requesting page.  (GoDaddy, Verisign, DigiCert, Thawte, etc.)  
----
!!3.)
They will do their necessary verifications for the cert your requesting, and when done will give you your certificate.  Now import the certificates given to you by your certificate authority. These are usually things like root, or intermediate, etc.  Use the step 2 button to do this.\\

The keystore path info is probably pre-filled out for you from the step 1.  If not, fill it in, and re-enter the password.\\
The certificate reply file is different than the rest.  Its a specific file that is only valid for your private key in your JKS keystore file.  Some vendors label it with your domain name, or a series of hex characters, etc.\\
The trusted certs are everything else.  Typically these are a bundle file, or they can be stand alone intermediate and root certificate files.  Add them all here one time.\\
Click import, and it will report if there are any errors.\\
[attachments|import.png]
----
!!4.)
On most Operating Systems Java ships crippled by default due to US export laws.  Its extremely annoying, but you must manually copy a couple files into your java install to allow CrushFTP to use strong cryptography keys (almost all keys these days.)\\

These policy files must be downloaded manually and installed in your Java lib/security folder.\\

Java6: [http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html]\\
Java7: [http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html]\\
Java8: [http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html]\\
You may also search google for: 'java unlimited cryptography policy files'

OS X Java 6 install location: /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home/lib/security/ \\
OS X Java 7 install location: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/ \\
Windows install location: C:\Program Files\Java\jre6\lib\security\ or C:\Program Files\Java\jre7\lib\security\\


Don't forget to restart the Https port on Admin, ServerAdmin tab, for the changes to the certificate to take effect.\\

</pre>