About Certificate Signing Requests
The first step in requesting a certificate from a Certificate Authority (CA) usually requires creating what is called a Certificate Signing Request (CSR). There are several tools available to help with creating a CSR, but Cerberus FTP Server includes an easy-to-use CSR generation tool that you can use to easily create a CSR and private key for your server.
Cerberus FTP Server includes an easy-to-use CSR wizard that will generate a private key file and CSR file for you. You can start the CSR Wizard by opening the Tools menu and selecting the Generate a CSR menu item.
The CSR process generally involves the following steps:
- Generate a CSR file and a private key file using the Cerberus CSR Dialog. The CSR file contains your public key.
- Submit the CSR file to your preferred CA. Make sure you keep the private key file.
- The CA will take your CSR and generate a trusted SSL certificate from it.
- Download the trusted SSL certificate from the CA, and assign it to Cerberus by filling in the path to the key in the 'Certificate Path' field in Server Manager > Security.
- Assign your Private Key to Cerberus by filling in the path to the key in the 'Private Key Path' field in Server Manager > Security.
- Download the intermediate certificates file from the CA (sometimes called a CA bundle file), and assign it as the CA File on the Security page.
Creating a Certificate Signing Request
Fill in all of the required fields for the CSR and then press the Generate button. After you select the Generate button, a directory selection dialog box will appear to allow you to specify a directory to save the private key and certificate signing request files.
Submitting your CSR to a Certificate Authority
You will submit the CSR file to your CA and keep the private key file. Once your CA has approved your CSR they will issue you a signed public certificate file. This signed public certificate file from your CA and the private key file, created during your certificate signing request, together represent your server public and private key pair.
The CA will usually provide several different format options for the signed public certificate. The preferred format is a PEM-formatted certificate (the same format Apache web server uses). PEM is also called a Base64 encoded DER certificate. You can tell if a certificate is in this format by opening it in a text editor, and looking for the beginning and ending lines “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–“.
Assigning your Certificate and Private Key in Cerberus FTP Server
The final step involves assigning the signed public certificate file and private key file as your public key pair in the Security page of the Server Manager.
- Select Server Manager from the main menu.
- Select the Security tab.
- Under the Server Key Pair group, Click the file selection button next to the Certificate edit control.
- A file open dialog will appear that will allow you to select the public certificate provided by your certificate authority.
- Under the Server Key Pair group, Click the file selection button next to the Private Key edit control.
- A file open dialog will appear that will allow you to select the server’s private key. This file was generated when you first created your CSR.
- Most CAs provide a CA bundle file that contains all of the intermediate CA certificates leading up to your signed certificate. If your CA provides a CA bundle file, download and assigns that file to the CA File field.