I've been trying to update our certificate for our Crushftp server that has its own domain. I've used the keytool utility to create a keystore, request a csr from our provider, and imported the certs into the keystore. When I point to the keystore in the web interface, I am able to test the certificate with no problems. After I restarted the https and also the crush ftp server, it now has a different certificate error. Before it said the certificate was expired. Now it's saying that the certificate is not trusted and not the correct URL. (The certificate I requested was for the correct domain but now the cert error says it's for www.crushftp.com) It is also says it's using SHA-1 when the certificate I imported was using SHA-2.
I put in a support ticket, but received responses from multiple people and felt they were each telling me different things. They also keep telling me I need the jks file but I cannot find the file on the server.
Just to add additional information, we are using CrushFTP version 7.2 and this a SHA-2 certificate. I did notice if I try to create a new key, it defaults to SHA-1.
Go back to the ticket, you aren't going to get a better reply here. If in doubt, a reply from "Ben" trumps all other replies.
These forums are in a state of limbo...we are migrating them, and they are not really monitored until e get onto the new forum system. Then they will be monitored in realtime again. Freshdesk - > LADesk.
Hi Dave! Just wondering if your problem was ever resolved? It looks like I'm having the same problems that you've described above in my attempts to update a CrushFTP SSL certificate: updates and tests successful, but browser is reporting a self-signed certificate with the "www.crushftp.com" domain. The CrushFTP server I'm attempting to update is also v7.2. Thanks!
I did get it resolved. I ended up starting over from scratch with the directions in http://www.crushftp.com/crush7wiki/Wiki.jsp?page=SSL. That still caused an issue with the self signed cert, though. It turns out that I had two certs. One was the one I created and installed under Preferences->Encryption->SSL. There was another cert that was specified under IP/Servers -> HTTPS://lookup:443 -> and under the Advanced Tab. I removed that one and restarted the https server and it resolved the issue. Support helped me find that mistake. I originally checked under IP/Servers for a cert, but didn't find one. I didn't realize that you had to check under each server item. I hope this helps!
Mike, I second what Dave said. That is a common mistake configuring the cert twice. Make sure the HTTPS port, advanced is cleared out, then it will sue the global cert config.
Thank you so much, Dave (and Ben)! Your advice was spot on. Clearing out the second certificate did the trick!