THE INFORMATION IN THIS ARTICLE APPLIES TO:
- Secure FTP Server (FIPS)
- EFT Server
QUESTION
How can I generate and convert keys and certificates?
ANSWER
The server's Certificate Creation wizard guides you through the process of creating keys and certificates without using a command line. If you prefer a command line, you can use the OpenSSL command-line tool to generate and convert private keys and public certificates. Its capabilities include:
- Creation of RSA, DH, and DSA key parameters
- Creation of X.509 certificates, CSRs, and CRLs
- Calculation of Message Digests
- Encryption and Decryption with Ciphers
- SSL/TLS Client and Server Tests
- Handling of S/MIME signed or encrypted mail
You can download the precompiled Windows binary and Windows Installer for OpenSSL from http://www.openssl.org/related/binaries.html. The OpenSSL distribution contains a number of utilities, including the main utility openssl.exe. By default, the utilities are installed in C:\Openssl\bin. The main utility, openssl.exe, and associated utilities are used at a Windows command prompt.
Some commands require specification of the OpenSSL configuration file openssl.cnf. By default, this file is installed in C:\Openssl\bin. Therefore, when required to specify the configuration filename, you would use the following path:
- In SSL library version 0.9.8g the file is C:\OpenSSL\bin\openssl.cnf
- In SSL library version 0.9.8h and later, the file is C:\OpenSSL\bin\openssl.cfg
You can run the commands from any location by specifying the full path to the desired executable or by changing to the bin directory and using only the executable filenames.
For example:
>cd c:\temp
>c:\Openssl\bin\openssl
Or:
>cd c:\Openssl\bin
>openssl.exe
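The following batch script is an added example, not part of the original article. It picks whichever configuration file the installed version provides and passes it explicitly with -config when creating a certificate signing request. It assumes the default install directory C:\OpenSSL\bin; the output names server.key and server.csr are hypothetical.

```bat
@echo off
rem Added example. Assumes the default install directory C:\OpenSSL\bin.
rem server.key and server.csr are hypothetical output file names.
setlocal
set "OSSL_BIN=C:\OpenSSL\bin"

rem Version 0.9.8h and later ship openssl.cfg; 0.9.8g ships openssl.cnf.
if exist "%OSSL_BIN%\openssl.cfg" (
    set "OSSL_CONF=%OSSL_BIN%\openssl.cfg"
) else if exist "%OSSL_BIN%\openssl.cnf" (
    set "OSSL_CONF=%OSSL_BIN%\openssl.cnf"
) else (
    echo No openssl.cfg or openssl.cnf found in %OSSL_BIN% 1>&2
    exit /b 1
)

rem Show which OpenSSL version is installed.
"%OSSL_BIN%\openssl.exe" version || exit /b 1

rem Generate a 2048-bit RSA private key. -aes256 encrypts the key file
rem with a passphrase that openssl prompts for, so the key is not
rem stored in the clear.
"%OSSL_BIN%\openssl.exe" genrsa -aes256 -out server.key 2048 || exit /b 1

rem Create a CSR from that key, naming the configuration file explicitly.
"%OSSL_BIN%\openssl.exe" req -new -key server.key -out server.csr -config "%OSSL_CONF%" || exit /b 1

echo Wrote server.key and server.csr using %OSSL_CONF%
endlocal
```

Run the script from a working directory such as c:\temp so that the key and CSR are written there rather than into the OpenSSL bin directory.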
Using OpenSSL to Generate and Convert Private Keys and Public Certificates
Refer to the procedures below for using OpenSSL to generate or convert private keys and public certificates.