Creating A Self-Signed Certificate In Serv-U - KB Article #1683
Related Articles -- 1053, 1712, 2041
Serv-U supports both self-signed certificates and third-party signed certificates such as those available from "root" Certificate Authorities. There are benefits to both, but the primary difference is that self-signed certificates are "untrusted" by users (they must be manually accepted), while third-party certificates are trusted by default because those Certificate Authorities are globally trusted across various platforms and systems.
Creating A Self-Signed Certificate
Creating a self-signed certificate in Serv-U is quick and easy. To do so, navigate to the Encryption page of either Domain Limits & Settings or Server Limits & Settings, select "Create Certificate", and complete the following steps:
- Specify the Certificate Set Name that is used to name each of the files Serv-U creates
- Specify the output path where the created files are to be placed. In most cases, the installation directory is a safe location (e.g., C:\Program Files\RhinoSoft\Serv-U\)
- Specify the city/town in which the server or corporation is located
- Specify the state (if applicable) in which the server or corporation is located
- Specify the 2-digit country code for the country in which the server or corporation is located
- Specify the password used to secure the private key
- Specify the full organization name
- Specify the common name of the certificate. The IP address or the Fully Qualified Domain Name (FQDN) that users use to connect must be listed here. NOTE: If the Common Name is not the IP address or FQDN used by clients to connect, clients may be warned that the certificate does not match the domain name they are connecting to
- Specify the business unit the server resides in
- Click the Create button to complete certificate creation
Note: The "Common Name" field must match the fully qualified domain name or IP address that users specify in their FTP client to connect, or users will encounter "certificate mismatch" errors. The Common Name does not need to be the same as the primary domain.
Any users connecting using SSL/HTTPS will now be prompted to accept the certificate.
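A pre-flight check for the Common Name rule above, as an added example that is not part of the original article or of Serv-U: it lists which of the addresses users connect to would trigger a mismatch warning for a planned Common Name. The hostnames and IP addresses are constructed sample values, and the wildcard and trailing-dot handling goes beyond the exact-match case in the text, following standard TLS name matching.

```python
import ipaddress

def _as_ip(value):
    """Return an ip_address object, or None if value is not an IP literal."""
    try:
        return ipaddress.ip_address(value.strip().strip("[]"))
    except ValueError:
        return None

def _norm_host(name):
    """Lower-case a DNS name and drop the optional trailing root dot."""
    return name.strip().lower().rstrip(".")

def cn_matches(common_name, target):
    """True if a client connecting to `target` would see a matching Common Name."""
    cn_ip, target_ip = _as_ip(common_name), _as_ip(target)
    if cn_ip is not None or target_ip is not None:
        # IP addresses only match exactly; a wildcard never covers an IP.
        return cn_ip is not None and cn_ip == target_ip
    cn, host = _norm_host(common_name), _norm_host(target)
    if cn == host:
        return True
    if cn.startswith("*."):
        # A wildcard stands in for exactly one left-most label.
        head, _, rest = host.partition(".")
        return bool(head) and rest == cn[2:]
    return False

def mismatch_report(common_name, targets):
    """Return the targets whose clients would be shown a mismatch warning."""
    return [t for t in targets if not cn_matches(common_name, t)]

# Constructed sample values: hypothetical addresses users type into their clients.
CLIENT_TARGETS = ["ftp.example.com", "FTP.Example.com.",
                  "files.example.com", "192.0.2.10"]

if __name__ == "__main__":
    for cn in ("ftp.example.com", "*.example.com", "192.0.2.10"):
        bad = mismatch_report(cn, CLIENT_TARGETS)
        print(f"CN={cn}: mismatch for {bad if bad else 'none'}")
```

An empty list for a candidate Common Name means every listed address matches it; any address that remains will produce the mismatch prompt for users who connect that way.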
Using A 3rd Party Certificate
Using a third-party signed certificate means that a large corporation has vouched for the identity of your server; because of this, it will be trusted by most users and systems. To use a third-party certificate, first obtain the certificate from a Certificate Authority such as Verisign or Thawte, then complete the following steps:
- Browse for the Certificate file to be used (a .crt file).
- Browse for the Private Key file to be used (a .key file)
- Enter the password for the Private Key file
- Click "Save"
- View the certificate to ensure that all details are accurate