At line 1 changed one line |
Here is an example on how to make a java keystore for SSL in CrushFTP. |
!__Starting from the beginning :__ |
\\ |
\\ |
![Use Portecle's GUI to make a Keystore|Portecle] <---click here |
\\ |
\\ |
\\ |
\\ |
\\ |
---- |
!__Renewing a certificate :__ |
\\ |
\\ |
![Use Portecle's GUI to make a Keystore|Portecle] <---click here |
\\ |
\\ |
\\ |
\\ |
\\ |
---- |
Alternate methods for bringing in a cert from another server: |
---- |
*Apache - If you already have a certificate for Apache, follow these [instructions|openssl_key_convert] for converting it. |
---- |
*IIS - If you already have a certificate in IIS, you can export that certificate as a .PFX file and use that certificate directly in CrushFTP. [http://www.digicert.com/ssl-support/pfx-import-export-iis.htm] |
---- |
*OS X Server - Export the private key using keychain. You will need to run keychain using root access to be able to export the certificate. |
{{{ |
sudo "/Applications/Utilities/Keychain Access.app/Contents/MacOS/Keychain Access" |
}}} |
Then use Portecle to add in the missing certificate that go along with the chain to trust the private key's signature. For GoDaddy, that means downloading the valicert, cross and intermediate cert. |
---- |
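Review bot: The IIS and OS X Server items both have the reader export a private key (a .PFX file, a Keychain export run as root), but neither says how to protect the exported file. Add a sentence telling the reader to set an export password, to restrict the file's permissions while it is on disk, and to delete the copy once it has been imported into CrushFTP. Separately, "add in the missing certificate that go along with the chain" should read "certificates".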
At line 34 added 6 lines |
These below instructions are complicated and shouldn't be used unless you just can't stand using Portecle for some strange reason. |
|
*Java - When purchasing a certificate from a cert authority, be sure to choose 'Tomcat' for the format. |
|
|
*PART 1 (Command Line) |
At line 4 changed 4 lines |
|
I purchased a cheap chained certificate from godaddy. I chose the "Tomcat" type of certificate as CrushFTP works the same way as tomcat for certificates. I substituted "crushftp" instead of "tomcat" though. It really doesn't matter however. |
|
*PART 1 |
|
At line 11 changed one line |
keytool -genkey -keysize 2048 -alias crushftp -keyalg RSA -keystore crushftp.keystore |
keytool -genkey -keysize 2048 -alias crushftp -keyalg RSA -keystore crushftp.jks |
At line 47 added 5 lines |
or with Elliptic Curve method:\\ |
{{{ |
keytool -genkey -keysize 2048 -alias crushftp -keyalg EC -sigalg SHA384withECDSA -keystore crushftp.jks |
}}} |
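Review bot: In the added Elliptic Curve command, "-keysize 2048" is an RSA key size carried over from the RSA line and is not a valid size for "-keyalg EC". EC keys take a curve size such as 256 or 384, so "-keysize 384" would match the "-sigalg SHA384withECDSA" already on the line. It would also help to say in the text that the reader picks either the RSA command or the EC command, not both, since both write the alias crushftp into crushftp.jks.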
|
At line 43 changed one line |
|
---- |
At line 49 changed 3 lines |
keytool -certreq -keyalg RSA -alias crushftp -file crushftp.csr -keystore crushftp.keystore |
|
Enter keystore password: |
keytool -certreq -keyalg RSA -alias crushftp -file crushftp.csr -keystore crushftp.jks |
At line 53 changed one line |
Enter your password you used from above. |
or with elliptic curve method:\\ |
{{{ |
keytool -certreq -keyalg EC -sigalg SHA384withECDSA -alias crushftp -file crushftp.csr -keystore crushftp.jks |
}}} |
Enter your password you used from above for the keystore. |
At line 56 changed one line |
|
---- |
At line 59 changed one line |
WARNING! Keep your "crushftp.keystore" file! (Make a backup of it just in case you make a mistake in step 3.) You must have this original keystore file to apply the signed certificate GoDaddy gives back. |
WARNING! Keep your "crushftp.jks" file! (Make a backup of it just in case you make a mistake in step 3.) You must have this original keystore file to apply the signed certificate GoDaddy gives back. |
At line 72 changed one line |
[https://certificates.starfieldtech.com/Repository.go] |
[https://certs.godaddy.com/anonymous/repository.seam] |
At line 82 changed one line |
keytool -import -alias root -keystore crushftp.keystore -trustcacerts -file valicert_class2_root.crt |
keytool -import -alias root -keystore crushftp.jks -trustcacerts -file valicert_class2_root.crt |
At line 85 changed one line |
keytool -import -alias cross -keystore crushftp.keystore -trustcacerts -file gd_cross_intermediate.crt |
keytool -import -alias cross -keystore crushftp.jks -trustcacerts -file gd_cross_intermediate.crt |
At line 88 changed one line |
keytool -import -alias intermed -keystore crushftp.keystore -trustcacerts -file gd_intermediate.crt ] |
keytool -import -alias intermed -keystore crushftp.jks -trustcacerts -file gd_intermediate.crt ] |
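Review bot: The new intermed import line still ends with a stray " ]" after gd_intermediate.crt, carried over unchanged from the old line. If it is not closing wiki markup outside the visible lines, drop it, because a reader who copies the line into a shell passes "]" to keytool as an extra argument.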
At line 94 changed one line |
keytool -import -alias crushftp -keyalg RSA -keystore crushftp.keystore -trustcacerts -file www.crushftp.com.crt |
keytool -import -alias crushftp -keyalg RSA -keystore crushftp.jks -trustcacerts -file www.crushftp.com.crt |
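Review bot: The final import keeps "-keyalg RSA" even though this revision adds an Elliptic Curve path for both key generation and the CSR. A reader who followed the EC commands has no matching instruction here. Either drop "-keyalg RSA" from this line or add an "or with elliptic curve method" variant, as was done for the -genkey and -certreq steps.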
At line 96 changed 2 lines |
(Substitute your certificates name instead of "www.crushftp.com.crt".) |
|
(Substitute your certificate's name instead of "www.crushftp.com.crt".) |
---- |
At line 103 removed 5 lines |
|
If you already have a certificate for Apache, you may be able to convert it to a Java keystore and use it with CrushFTP. I provide this information untested, but it in theory looks like it would work. |
|
[http://www.ks.uiuc.edu/Research/biocore/localServer/install/installCert.shtml] |
|