Add new attachment

Only authorized users are allowed to upload new attachments.

This page (revision-19) was last changed on 05-Dec-2023 05:32 by Ben Spink

This page was created on 05-Dec-2023 05:32 by Ben Spink

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 1 changed one line
Here is an example on how to make a certificate request for an authority.
!__Starting from the beginning :__
\\
\\
![Use Portecle's GUI to make a Keystore|Portecle] <---click here
\\
\\
\\
\\
\\
----
!__Renewing a certificate :__
\\
\\
![Use Portecle's GUI to make a Keystore|Portecle] <---click here
\\
\\
\\
\\
\\
----
Alternate methods for bringing in a cert from another server:
----
*Apache - If you already have a certificate for Apache, follow these [instructions|openssl_key_convert] for converting it.
----
*IIS - If you already have a certificate in IIS, you can export that certificate as a .PFX file and use that certificate directly in CrushFTP. [http://www.digicert.com/ssl-support/pfx-import-export-iis.htm]
----
*OS X Server - Export the private key using keychain. You will need to run keychain using root access to be able to export the certificate.
{{{
sudo "/Applications/Utilities/Keychain Access.app/Contents/MacOS/Keychain Access"
}}}
Then use Portecle to add in the missing certificate that go along with the chain to trust the private key's signature. For GoDaddy, that means downloading the valicert, cross and intermediate cert.
----
At line 34 added 6 lines
These below instructions are complicated and shouldn't be used unless you just can't stand using Portecle for some strange reason.
*Java - When purchasing a certificate from a cert authority, be sure to choose 'Tomcat' for the format.
*PART 1 (Command Line)
At line 4 changed 4 lines
I purchased a cheap chained certificate from godaddy. I chose the "Tomcat" type of certificate as CrushFTP works the same way as tomcat for certificates. I substituted "crushftp" instead of "tomcat" though. It really doesn't matter however.
*PART 1
At line 11 changed one line
keytool -genkey -keysize 2048 -alias crushftp -keyalg RSA -keystore crushftp.keystore
keytool -genkey -keysize 2048 -alias crushftp -keyalg RSA -keystore crushftp.jks
At line 47 added 5 lines
or with Elliptic Curve method:\\
{{{
keytool -genkey -keysize 2048 -alias crushftp -keyalg EC -sigalg SHA384withECDSA -keystore crushftp.jks
}}}
At line 43 changed one line
----
At line 49 changed 3 lines
keytool -certreq -keyalg RSA -alias crushftp -file crushftp.csr -keystore crushftp.keystore
Enter keystore password:
keytool -certreq -keyalg RSA -alias crushftp -file crushftp.csr -keystore crushftp.jks
At line 53 changed one line
Enter your password you used from above.
or with elliptic curve method:\\
{{{
keytool -certreq -keyalg EC -sigalg SHA384withECDSA -alias crushftp -file crushftp.csr -keystore crushftp.jks
}}}
Enter your password you used from above for the keystore.
At line 56 changed 3 lines
*WARNING! Keep your "crushftp.keystore" file! (Maybe even make a backup of it just in case you make a mistake in step 3.) You must have this original keystore file to apply the signed certificate GoDaddy gives back.
----
At line 100 added 2 lines
WARNING! Keep your "crushftp.jks" file! (Make a backup of it just in case you make a mistake in step 3.) You must have this original keystore file to apply the signed certificate GoDaddy gives back.
At line 71 removed one line
At line 73 changed one line
[https://certificates.starfieldtech.com/Repository.go]
[https://certs.godaddy.com/anonymous/repository.seam]
At line 83 changed one line
keytool -import -alias root -keystore crushftp.keystore -trustcacerts -file valicert_class2_root.crt
keytool -import -alias root -keystore crushftp.jks -trustcacerts -file valicert_class2_root.crt
At line 85 changed 3 lines
Certificate was added to keystore<br/>
keytool -import -alias cross -keystore crushftp.keystore -trustcacerts -file gd_cross_intermediate.crt
keytool -import -alias intermed -keystore crushftp.keystore -trustcacerts -file gd_intermediate.crt ]
Certificate was added to keystore
keytool -import -alias cross -keystore crushftp.jks -trustcacerts -file gd_cross_intermediate.crt
Trust this certificate? [no]: yes
Certificate was added to keystore
keytool -import -alias intermed -keystore crushftp.jks -trustcacerts -file gd_intermediate.crt ]
Trust this certificate? [no]: yes
Certificate was added to keystore
At line 91 changed one line
keytool -import -alias crushftp -keyalg RSA -keystore crushftp.keystore -trustcacerts -file www.crushftp.com.crt
keytool -import -alias crushftp -keyalg RSA -keystore crushftp.jks -trustcacerts -file www.crushftp.com.crt
At line 93 changed one line
(Substitute your certificates name instead of "www.crushftp.com.crt".)
(Substitute your certificate's name instead of "www.crushftp.com.crt".)
----
Now the resulting crushftp.keystore is a complete signed certificate chain. Place this file in the CrushFTP folder. Then go to the preferences of CrushFTP. Choose encryption on the left, then SSL. Browse and locate your crushftp.keystore file.
At line 95 removed 2 lines
Now the resulting crushftp.keystore is a complete signed certificate chain. Place this file where ever you like, but that might as well be in the CrushFTP folder. Then go to the preferences of CrushFTP. Choose encryption on the left, then SSL. Browse and locate your crushftp.keystore file.
At line 100 removed 5 lines
If you already have a certificate for Apache, you may be able to convert it to a Java keystore and use it with CrushFTP. I provide this information untested, but it in theory looks like it would work.
[http://www.ks.uiuc.edu/Research/biocore/localServer/install/installCert.shtml]
Version Date Modified Size Author Changes ... Change note
19 05-Dec-2023 05:32 6.064 kB Ben Spink to previous
18 05-Dec-2023 05:32 5.769 kB Ben Spink to previous | to last SSL ==> SSL_CLI
17 05-Dec-2023 05:32 5.769 kB Ben Spink to previous | to last
16 05-Dec-2023 05:32 5.637 kB Ben Spink to previous | to last
15 05-Dec-2023 05:32 5.4 kB Ben Spink to previous | to last
14 05-Dec-2023 05:32 5.401 kB Ben Spink to previous | to last
13 05-Dec-2023 05:32 5.406 kB Ben Spink to previous | to last
12 05-Dec-2023 05:32 5.436 kB Ben Spink to previous | to last
11 05-Dec-2023 05:32 5.525 kB Ben Spink to previous | to last
10 05-Dec-2023 05:32 5.398 kB Ben Spink to previous | to last
9 05-Dec-2023 05:32 5.36 kB Ben Spink to previous | to last
8 05-Dec-2023 05:32 5.356 kB Ben Spink to previous | to last
7 05-Dec-2023 05:32 5.35 kB Ben Spink to previous | to last
6 05-Dec-2023 05:32 5.3 kB Ben Spink to previous | to last
5 05-Dec-2023 05:32 5.262 kB Ben Spink to previous | to last
4 05-Dec-2023 05:32 5.197 kB Ben Spink to previous | to last
3 05-Dec-2023 05:32 5.027 kB Ben Spink to previous | to last
2 05-Dec-2023 05:32 4.954 kB Ben Spink to previous | to last
1 05-Dec-2023 05:32 6.147 kB Ben Spink to last
« This page (revision-19) was last changed on 05-Dec-2023 05:32 by Ben Spink
G’day (anonymous guest)
CrushFTP11 | What's New

Referenced by
SSL

JSPWiki