This is version . It is not the current version, and thus it cannot be edited.
[Back to current version]   [Restore this version]

Here are example commands for generating your own Certificate Authority, and signing your own keys to distribute to end users.

openssl req -newkey rsa:512 -nodes -out ca.csr -keyout ca.key
Fill in the questions. Use relevant data, but this information is only for you.
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Texas
Locality Name (eg, city) []:Dallas
Organization Name (eg, company) [Internet Widgits Pty Ltd]:CrushFTP
Organizational Unit Name (eg, section) []:Development
Common Name (eg, YOUR name) []:www.domain.com
Email Address []:ben@crushftp.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Now we get our private key for signing.
openssl x509 -req -trustout -signkey ca.key -days 365 -req -in ca.csr -out ca.pem
echo "02" > ca.srl
And finally, we import the public key for our signing into our trust store so we can validate all signed keys user's submit. This files name "crush.keystore_trust" is specific. It must be in the same folder as the real keystore file for the server port, and must have the exact same name and password, except its name ends with "_trust". So in this case we expect to have a keystore named "crush.keystore".
keytool -import -alias crushftp_ca -keystore crush.keystore_trust -trustcacerts -file ca.pem -storepass password

Now from here on, we just generate new signed certs for your clients. The key part is to set their username to be "NOLOGIN_myuser" if you want to force them to still enter a user/pass. Otherwise if you set their common name to a valid username, they will be able to login without a user/pass.

openssl req -newkey rsa:512 -nodes -out myuser.req -keyout myuser.key

openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in myuser.req -out myuser.pem -days 365
openssl pkcs12 -export -clcerts -in myuser.pem -inkey myuser.key -out myuser.p12 -name "myuser_certificate"

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
jpg
Clipboard01.jpg 262.2 kB 1 06-Mar-2020 07:45 Ada Csaba
jpg
Clipboard02.jpg 50.9 kB 1 06-Mar-2020 07:45 Ada Csaba
jpg
Clipboard03.jpg 93.9 kB 1 06-Mar-2020 07:45 Ada Csaba
jpg
Clipboard04.jpg 281.0 kB 1 06-Mar-2020 07:45 Ada Csaba
jpg
Clipboard05.jpg 157.8 kB 1 06-Mar-2020 07:45 Ada Csaba
jpg
Clipboard06.jpg 176.1 kB 1 06-Mar-2020 07:46 Ada Csaba
jpg
Clipboard07.jpg 153.7 kB 1 06-Mar-2020 07:46 Ada Csaba
jpg
Clipboard08.jpg 180.0 kB 1 06-Mar-2020 07:46 Ada Csaba
jpg
Clipboard09.jpg 73.7 kB 1 06-Mar-2020 07:46 Ada Csaba
jpg
Clipboard10.jpg 118.9 kB 2 06-Mar-2020 09:24 Ada Csaba
jpg
Clipboard11.jpg 118.9 kB 1 06-Mar-2020 09:27 Ada Csaba
« This particular version was published on 25-Oct-2018 04:31 by Ben Spink.
G’day (anonymous guest)
CrushFTP9 | What's New
JSPWiki