Accepting and signing SSL certificates


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT, all versions

DISCUSSION

If you require certificates for SSL connections you have to provide signed certificates or send certificate signing requests. You have to add the signed certificates to the trusted list and sign the certificate signing requests before users can connect.

To add a certificate to the trusted list

  1. On the main menu, do one of the following:
    • Click Tools > Certificate Manager.
    • Click the Certificate Manager icon on the toolbar.
  2. The Certificate Manager appears.

    • If the certificate is listed under the Pending Certificates window, click Make Trusted. The certificate is added to the Trusted Certificates database and clients submitting that certificate are able to connect to the server.
    • If the certificate is not listed under the Pending certificates window continue this procedure.
  3. Click Import. The Import Certificate dialog box appears.
  4. Browse to the folder that contains the client's certificate file and select the file. You can import digital certificates in any of the following formats: PEM, DER, PKCS#7, PKCS#12. The Private Key associated with the digital certificate can be in one of the following formats: PEM, DER, PKCS#8, PKCS#12.
  5. Click Open. The server attempts to detect the certificate format. If it is unable to determine the format or if the import fails, an error message appears. You might have to manually convert a digital certificate to one of the formats mentioned earlier to import the certificate. Please consult the distributor/vendor of your certificate for details about this process.
  6. The certificate is added to the Trusted Certificates database. Clients submitting that certificate are able to connect to the server.

To sign a certificate

  1. Obtain the Certificate Signing Request file (.csr). This can be done through email or any other file delivery method.
  2. On the main menu, do one of the following:
    • Click Tools > Sign SSL Certificate.
    • Click the Certificate Signing Utility icon on the toolbar.
  3. The Certificate Signing Utility dialog box appears.
  4. In the Client certificate request box, click the folder icon to browse for and specify the Certificate Signing Request (.csr) file that you want to sign.

  5. In the Output path box, click the folder icon to browse for and specify the folder in which to save the signed certificate (.crt) file.

  6. In the Resulting certificate expiration date box, click the list to open a calendar in which to specify an expiration date.

    • Click the left- and right-facing arrows to scroll through the months.

  7. In the Signing certificate box, specify the certificate (.crt) that you want to use to sign the certificate request file (.csr). The signing certificate must be in your trusted certificate database in order for clients submitting the signed certificate to connect to the Site. (See above procedure.)

  8. In the Private key box, specify the private key file (.key) associated with the signing certificate.

  9. In the Passphrase box, provide the passphrase associated with the signing certificate.

  10. Click OK. The new certificate is saved in the folder you specified.