In this post, we show you how to create a client certificate. Client certificates are the key pieces in client certificate authentication, a method you can use to augment your HTTPS, FTPS, or WebDAVs server's username-password login system.
This is actually just one of three closely related posts that can help you take advantage of this lesser-known security feature of SSL/TLS. The other two posts are:
Note: If you want to follow this tutorial, we encourage you to download the free, fully-functional evaluation edition of JSCAPE MFT Server.
Let's begin the tutorial.
1. Launch the Key Manager
Go to Server > Key Manager
2. Generate the client certificate
Navigate to the Client Keys tab and then click the Generate button.
This is exactly the same place where you create an SFTP key.
3. Enter client certificate details
Fill in the fields in the Generate Client Key dialog. You'll need to enter the following information (note that we will be using the terms "certificate" and "key" interchangeably here):
Key alias - The key alias is just the name that will be used in referring to this particular key within the JSCAPE MFT Server Manager environment, e.g. jsmith
Key algorithm - Choose between RSA or DSA. Click that link for an enlightening discussion on these two key algorithms.
Key length - Choose between 1024 and 2048. Read the post "Choosing Key Lengths for Encrypted File Transfers" if you need more information on the subject.
Validity - Specifies how many days you would like this key to remain valid.
Common name (CN) - This will be the name of the certificate as seen by whoever will be importing or using the certificate on the client side (usually on a Web browser). The usual practice is to enter the user's full name.
Organization unit (OU) - Indicates the specific unit in your organization that will be using this key, e.g. Accounting
Organization (O) - The name of the user's organization
Locality (L) - The name of the user's city.
State/Province (ST) - The name of the user's state or province.
Country (C) - The user's 2-character country code, e.g. "US"
4. Export the client certificate
After you click OK, you'll be prompted to export the client certificate a.k.a. private key. Enter a filename. In our experience, it's usually best to add the .pfx extension. Enter a password as well to protect it. Lastly, specify a format. We recommend PKCS12. Click OK to proceed.
Save the file when prompted.
5. Check out your newly created client certificate
Your newly created client certificate should then be added to your Client Keys under the Certificates node. Double-check it to see if everything's good.
Now that you have your newly created client certificate, you can load the .pfx file you recently exported onto a user's client application. For example, you can import that client certificate into Firefox.
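Before handing the exported file to a user, you can confirm that it opens with the export password and carries the subject fields, key length and validity you entered in the dialog. The script below is an added example using the OpenSSL command line, not part of the original tutorial or of JSCAPE's tooling; the function names, the sample file, the password `changeit` and the subject values are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect an exported client-certificate .pfx with the openssl CLI.
# The password is passed as pass:... for brevity; on a shared host prefer
# openssl's env:VAR or file:PATH password sources.

# Print the client certificate (PEM) from a PKCS#12 file; the private key is not output.
pfx_cert() {  # $1 = .pfx path, $2 = export password
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null
}

# Subject DN (CN, OU, O, L, ST, C) on one line in RFC 2253 order.
pfx_subject() {
    pfx_cert "$1" "$2" | openssl x509 -noout -subject -nameopt RFC2253 2>/dev/null
}

# Public key length in bits, parsed from the certificate text dump.
pfx_key_bits() {
    pfx_cert "$1" "$2" | openssl x509 -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Return 0 only if the file opens with the password, the key has at least
# $3 bits, and the certificate has not expired.
pfx_check() {
    bits=$(pfx_key_bits "$1" "$2")
    [ -n "$bits" ] || { echo "cannot read $1 (wrong password or not PKCS12)"; return 2; }
    [ "$bits" -ge "$3" ] || { echo "key is $bits bits, below minimum $3"; return 1; }
    pfx_cert "$1" "$2" | openssl x509 -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired"; return 1; }
    echo "OK: $bits-bit key, $(pfx_subject "$1" "$2")"
}

# Constructed sample standing in for the file exported from Key Manager.
make_sample_pfx() {  # $1 = output directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/C=US/ST=Florida/L=Miami/O=Example Corp/OU=Accounting/CN=John Smith" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -name jsmith -inkey "$1/key.pem" -in "$1/cert.pem" \
        -out "$1/jsmith.pfx" -passout pass:changeit
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
make_sample_pfx "$tmp" && pfx_check "$tmp/jsmith.pfx" changeit 2048
```

To check a real export, call `pfx_check` with the path of the file you saved in step 4, its export password and the minimum key length you accept.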
In our next post, we'll show you how to put our newly created client certificate to good use by enabling client certificate authentication on JSCAPE MFT Server's HTTPS, FTPS, and WebDAVs services. Stay tuned for that!
In the meantime, thank you for joining us. Enjoy the rest of the day and stay secure!