How do I generate a certificate request for a 3rd party cert

The Knowledgebase provides a database of answers to many Technical questions.

How do I generate a certificate request for a 3rd party cert

Postby FTP » Thu Dec 10, 2009 9:55 am

Step 1 - Create a new SSL certificate using WingFTP
You can create a new SSL certificate at "Server->Settings->SSL Certificate Manager". Wing FTP will automatically generate three files in your directory, with extension of ".crt", ".key" and ".csr" respectively. For example, if you name the SSL certificate file “yoursite”, you will find:
“yoursite.crt” : the certificate file signed by Wing FTP.
“yoursite.key” : the private key file. Please keep it secret for it is very important.
“yoursite.csr”: the Certificate Signing Request file, need to be sent to the certificate authorities(CAs) to apply for a digital identity certificate.

Step 2 - Send the Certificate Signing Request file to CA
If your request is successful, you will get a digitally signed identity certificate from the CA. Replace your previous certificate file with the new .crt file from the CA.

Please note that if your SSL certificate is issued by some intermediate certificate authorities, you may need to take some further steps to make it work. You need to create a new file with extension of ".crt" and make a certificate chain in it. The basic format of the certificate chain is like this:
-----BEGIN CERTIFICATE-----
your site certificate signed by CA
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Intermediate CA 1
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Intermediate CA 2
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Intermediate CA n
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Root CA
-----END CERTIFICATE-----

step 3 - Config your domain with the certificate signed by CA
After your certificate be signed and added under "Server -> Settings -> SSL Certificate Manager", you also need to select it under "Domain -> Settings -> General Settings -> Miscellaneous -> SSL Certificate".



Note: When you create the self-signed certificate in the first step, the "Domain Name/Common Name" field must match the fully qualified domain name or IP address of your server, or clients will encounter "Certificate Mismatch" error.
FTP
Site Admin
 
1674
 
Tue Sep 29, 2009 6:09 am

Return to Knowledgebase

Who is online

Users browsing this forum: Google [Bot] and 1 guest

cron