
Self-signed certificates for server-side auth.

Hi,

I am exploring CrushFTP7.5 on Linux, and I want to provide server-side authentication using SSL. Here, I am trying to create a self-signed certificate. I followed this link. Here I am not able to generate a self-signed cert. But I tried to do it with openssl; it's expecting private.key while signing, but we have a .jks generated from our web interface. Help is needed to resolve this.


Thanks in advance.


Best Answer

You're making this too hard.


Do step 1.


You're done.  No other steps, no other tools, nothing else to do.  It makes you a JKS file, and that JKS file is what CrushFTP uses. That is it.


If you aren't buying a signed cert from GoDaddy, or DirectNic, or Verisign, etc., then you don't have step 2 or 3 to do.


*Only Step 1*


Thanks,
Ben


What failed in our steps of 1, 2, 3?


If you're making a brand new certificate, do it in CrushFTP using our steps.  Don't try using OpenSSL for anything or you have to do it all on your own.

In the 3rd step, we import the authority reply file. If I understood correctly, that is the signed certificate from a third-party vendor (CA). But we want to have a self-signed cert for now. How do we get that reply file from the CA (if the CA is myself)? And is it compulsory to have trusted certificates?

 

Step 1 made your self-signed cert.  You were done at step 1.


If you care about security, then having a domain name and a trusted cert is important.  If you don't care about security, then you might as well be doing HTTP and not pretend to be secure.


Not having a trusted cert is not really any more secure than just plain HTTP.  You have no idea if someone is between your client and server capturing all data and everything you do.


--Ben

How do I get the .crt file for step 3? Whatever I generated in step 1 is in Java keystore format, i.e., .jks.

 

We used keytool to export the .crt file from the .jks created in step 1. We used that in step 3. Is this the correct way to proceed?

 
