If you are looking for a simpler way to create your CSRs (Certificate Signing Requests), and install and manage your SSL Certificates, we recommend that you use the ÃÛÌÒTV® Certificate Utility for Windows. For more information about our utility, see ÃÛÌÒTV® Certificate Utility for Windows.
If you have a Microsoft server or workstation, you can use the ÃÛÌÒTV Certificate Utility to create your CSR and private key. Then after ordering and receiving your SSL Certificate, you use this same utility to import the certificate files to the computer from which you generated the CSR, and then export them as Apache format certificate files. Finally, you use your Cerberus FTP Server interface to upload and install your SSL Certificate, private key, and Intermediate Certificate.
Use these instructions to create your CSR and then, to install your SSL Certificate, private key, and intermediate certificate.
-
To create your CSR, see Cerberus FTP Server: Creating Your CSR with the ÃÛÌÒTV Utility.
-
To install your SSL Certificate, see Cerberus FTP Server: Install & Configure Your SSL Certificate.
If you prefer not to use the ÃÛÌÒTV Utility or for some reason cannot use the utility, see Cerberus FTP Server: Create CSR & Install SSL Certificate.
1. Cerberus FTP Server: Creating Your CSR with the ÃÛÌÒTV Certificate Utility
The ÃÛÌÒTV® Certificate Utility for Windows streamlines the Cerberus FTP Server CSR creation process. Because the utility lets you create the RSA key (private key) during the same process used to create your CSR, you can generate the RSA Key (private key) and the CSR with one click.
Cerberus FTP Server: How to Create Your CSR with the ÃÛÌÒTV Utility
-
On your Windows server, download and save the ÃÛÌÒTV® Certificate Utility for Windows executable (ÃÛÌÒTVUtil.exe).
-
Run the ÃÛÌÒTV® Certificate Utility for Windows (double-click ÃÛÌÒTVUtil).
-
In the ÃÛÌÒTV Certificate Utility for Windows©, click SSL (gold lock), and then, click Create CSR.
-
On the Create CSR page, enter the following information:
Certificate Type: Select SSL. Common Name: Enter the fully qualified domain name (i.e. www.example.com). You may also enter the IP address. Subject Alternative Names: If you are requesting a Multi-Domain (SAN) Certificate, enter any SANs that you want to include. (i.e. www.example.com, www.example2.com, and www.example3.net) Organization: Enter your company¡¯s legally registered name (i.e. YourCompany, Inc.). Department: (Optional) Enter the department within your organization that you want to appear on the SSL Certificate. City: Enter the city where your company is legally located. State: In the drop-down list, select the state where your company is legally located. If your company is located outside the USA, you can enter the applicable name in the box. Country: In the drop-down list, select the country where your company is legally located. Key Size: In the drop-down list, select 2048. We recommend that you use 2048 bits because it is more secure. Provider: In the drop-down list, select Microsoft RSA SChannel Cryptographic Provider, unless you have a specific cryptographic provider. -
Click Generate.
-
On the ÃÛÌÒTV Certificate Utility for Windows© - Create CSR page, do one of the following, and then, click Close:
Click Copy CSR. Copies the certificate contents to the clipboard./td> If you use this option, we recommend that you paste the CSR into a tool such as Notepad. If you forget and copy some other item, you still have access to the CSR, and you do not have to go back and recreate it. Click Save to File. Saves the CSR as a .txt file to the Windows server. We recommend that you use this option. -
Next, use a text editor (such as Notepad) to open the file. Then, copy the text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags, and paste it into the ÃÛÌÒTV Certificate order form.
Note: During your ÃÛÌÒTV SSL Certificate ordering process, make sure that you select Apache when asked to Select Server Software. This option ensures that you receive all the required certificates for Cerberus FTP Server SSL Certificate installation (SSL and Intermediate Certificates).SSL Certificates, Guides, & Tutorials
Learn More -
After you receive your SSL Certificate from ÃÛÌÒTV, you can install it.
2. Cerberus FTP Server: Install & Configure Your SSL Certificate
After receiving your SSL Certificate, you need to install the SSL and Intermediate Certificates on your Cerberus FTP Server.
If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see Cerberus FTP Server: Creating Your CSR with the ÃÛÌÒTV Utility.
To install and configure your SSL Certificate, do the following:
-
Use the ÃÛÌÒTV Certificate Utility to import your SSL Certificate to your Microsoft server or workstation.
See How to Import Your SSL Certificate Using the ÃÛÌÒTV Certificate Utility.
-
Use the ÃÛÌÒTV Utility to export your SSL Certificate, along with its RSA key (private key), and the ÃÛÌÒTVCA Intermediate Certificate in an Apache compatible format.
See How to Export Your SSL Certificate Using the ÃÛÌÒTV Certificate Utility.
-
Upload and implement your SSL Certificate using the Cerberus FTP Server console.
See Cerberus FTP Server: How to Install Your SSL Certificate.
i. How to Import Your SSL Certificate Using the ÃÛÌÒTV Certificate Utility
After we validate and issue your SSL Certificate, you can use the ÃÛÌÒTV® Certificate Utility for Windows to import the file to your Microsoft server.
-
On the Windows server or workstation where you created the CSR, open the ZIP file containing your SSL and Intermediate Certificates and save the contents of the file (i.e. yourdomain_com.crt and ÃÛÌÒTVCA.crt).
-
Run the ÃÛÌÒTV® Certificate Utility for Windows (double-click ÃÛÌÒTVUtil).
-
In the ÃÛÌÒTV Certificate Utility for Windows©, click SSL (gold lock) and then, click Import.
-
In the Certificate Import window, under File Name click Browse to browse to the .cer (i.e. your_domain_com.cer) certificate file that ÃÛÌÒTV sent you, select the file, click Open, and then, click Next.
-
In the Enter a new friendly name or you can accept the default box, type a friendly name for the certificate. The friendly name is not part of the certificate; instead, it is used to identify the certificate.
We recommend that you add ÃÛÌÒTV and the expiration date to the end of your friendly name, for example: cerberus-cert.digicert.expiration-date. This information helps identify the issuer and expiration date for each certificate. It also helps distinguish multiple certificates with the same domain name.
-
To import the SSL Certificate to your server, click Finish.
You should receive a message that the certificate was successfully imported, and you should now see your SSL Certificate in the ÃÛÌÒTV Certificate Utility for Windows©, under SSL Certificates.
ii. How to Export Your SSL Certificate Using the ÃÛÌÒTV Certificate Utility
After importing your SSL Certificate to your Microsoft server or workstation, you use the ÃÛÌÒTV Certificate Utility to export your SSL Certificate, its RSA key (private key) and the ÃÛÌÒTVCA Intermediate Certificate in an Apache file format (.pem).
-
Run the ÃÛÌÒTV® Certificate Utility for Windows (double-click ÃÛÌÒTVUtil).
-
In the ÃÛÌÒTV Certificate Utility for Windows©, click SSL (gold lock), select the SSL Certificate that you want to export, and then, click Export Certificate.
-
On the Certificate Export page, select Yes, export the private key, then select key file (Apache compatible format), and finally, click Next.
-
In the File name box, click ¡ to browse to the location where you want to save the .key and .crt files.
Note: The SSL Certificate and ÃÛÌÒTVCA Intermediate Certificate .crt files are .pem formatted; a .crt extension is used instead of the .pem.
-
Click Finish to export the SSL Certificate, private key, and intermediate certificate.
This creates the following files that you will need to upload and implement using your Cerberus FTP Server console:
-
Private Key: your_domain_com.key
-
Server Certificate: your_domain_com.crt
-
Intermediate Certificate: ÃÛÌÒTVCA.crt
-
-
After you receive the "Your certificate and key have been successfully exported" message, click OK.
Export Note:
If your Cerberus FTP Server is not on the Windows server/workstation, open the folder where you saved your .key and .crt files and copy the files to your Cerberus FTP Server.
-
You are now ready to upload and implement these certificate files (your_domain_com.key, your_domain_com.crt, and ÃÛÌÒTVCA.crt) using the Cerberus FTP Server console.
iii. Cerberus FTP Server: How to Install Your SSL Certificate
-
Log into your Cerberus FTP Server console.
-
In the Cerberus FTP Server console, on the Summary tab, in top-menu, click Configure.
-
In the Server Manager window, in the sidebar menu, click Security (gold lock).
-
On the Security page, under Security, check Enable SSL/TLS.
-
Next under Server Key Pair, do the following:
Certificate: Click the folder to browse for and select your SSL Certificate (i.e. your_domain_com.crt). Private Key: Click the folder to browse for and select your private key (i.e. your.domain.com.key). CA File: Click the folder to browse for and select the ÃÛÌÒTVCA.crt intermediate certificate. -
Verifying Your Certificate is Configured Correctly
In the Server Manager window, on the Security page, click Verify to verify that you correctly configure the SSL Certificate.
-
Then, click Save.
You have successfully installed and configured your Cerberus FTP Server SSL Certificate.
Test Your Installation
To verify that the installation is correct, use our ÃÛÌÒTV® SSL Installation Diagnostics Tool and enter the DNS name of the site (i.e. www.yourdomain.com or mail.yourdomain.com) that you are securing to test your SSL Certificate.
Troubleshooting
If your Cerberus FTP Server is on a Windows server, and you run into certificate errors, try repairing your certificate trust errors using the ÃÛÌÒTV® Certificate Utility for Windows. If this does not fix the errors contact support.