JSCAPE Secure FTP Server - Creating a signed certificate for use in securing HTTP connections
JSCAPE Secure FTP Server is a platform independent managed file transfer server that supports FTP, secure FTPS (FTP over SSL), SFTP/SSH, HTTP, HTTPS and WebDAV protocols.
 
If you decide to use the web interface for performing file transfers you have the option of securing these transfers using HTTPS. The HTTPS protocol requires an SSL certificate to be used. You can either generate your own self-signed certificate using the "Key manager" found in JSCAPE Secure FTP Server Manager, or you can create a certificate signing request (CSR) and have your certificate signed by a third party known as a certificate authority (CA).
When using your own self-signed certificate the client web browser may display a warning message letting the user know that the certificate in use is not signed by a known CA. This is not an error but rather a warning to the user that the certificate has not been validated by a trusted authority. If you wish to avoid this message you should create a certificate signing request have that certificate signed by a trusted certificate authority.
This tutorial will cover the following topics:
- Generating a private key
- Generating a CSR (Certificate Signing Request)
- Submitting CSR to CA (Certificate Authority)
- Importing Signed Certificate
- Verifying Signed Certificate
The first step in obtaining a CA signed certificate is to generate your own private key. The most important thing to understand when generating your private key is that the "Common Name" field should match the domain name that clients will use when connecting to your FTPS or HTTPS server. For example, if your HTTPS or FTPS server will be served under the domain www.mydomain.com then this is the value you should use in your "Common Name" field when generating your private key.
To generate a private key open the Key Manager by selecting the File > Key Manager... option from the main menu. The "Key manager" dialog will be displayed.
Figure 1
Next, select the "Private keys" tab and click on the "Generate" button. The "Generate key wizard" is displayed.
Figure 2
Alias - Alias you wish to assign to the key.
Type - The algorithm used in generating this key. Valid options are RSA and DSA.
Length - The length of the key in bytes. Valid options are 1024 and 2048.
Click "Next" and the wizard asks for the necessary certificate parameters. Remember that in the Common Name field you will want to use the domain name e.g. www.domain.com that your users use when connecting to your FTPS or HTTPS server.
Figure 3
Period - The number of days this key is valid.
Common Name - The name you wish to assign this key. Typically the domain name this key will server e.g. ftp.mydomain.com
Organizational Unit - The unit within your organization that this key will be used for e.g. IT.
Organization - Your organization name.
Locality - Your city.
State/Province - Your state or province.
Country code - Your 2 character country code e.g. "US".
The next step is to create a certificate signing request for your private key. The CSR will be used by the CA in order to create a signed certificate. To generate a CSR, highlight the desired private key in the Key Manager and click the "Generate CSR" button. A dialog will prompt you for the location in which to store the CSR.
Figure 4
The next step is to submit your CSR to the CA for use in generating your signed certificate. Please consult your CA for instructions on how to accomplish this. Your CA may ask you in which format you would like the certificate. If this option is presented to you select the "Other" option to receive the certificate in a standard format. To request a JSCAPE signed certificate please visit the following:
https://www.securepaynet.net/gdshop/ssl/ssl.asp?prog_id=423530&ci=1789&
The last step is to import the signed certificate issued to you by your CA. To import the signed certificate select the private key that was used to generate the CSR and click the "Import certificates" button. You will be prompted for the path of the certificate file issued to you by your CA.
Figure 5
File - The file containing signed certificate.
File password - The password protecting certificate. Leave blank if none.
Certificates alias in file - The certificate alias in file. Leave blank if none.
Upon successfully installing your signed certificate you can verify that it is working by connecting using any HTTPS or FTPS client and viewing the certificate details. You should notice in the certificate details that the CA is listed as a trusted authority for the certificate.
|
