A certificate must be associated with the server on the local machine in order to initiate an SSL connection. When you are administering the server on the local machine, you may create certificates using the Certificate Creation Wizard (Tools > Certificate Creation Wizard) or import your own. There are three types of files associated with an SSL certificate key pair:
Private key file (.key) - The private key should never be distributed to anyone. It is used to decrypt the session which is encrypted by the public key.
Certificate request file (.csr) - Each time you create a certificate using GlobalSCAPE Secure FTP Server, a certificate request file is also created. This file can be signed by GlobalSCAPE Secure FTP Server's Certificate Signing Utility or sent to an intermediate certificate authority such as Verisign or Thawte for signing.
Certificate file (.crt) - This is a signed certificate, whether self-signed or signed by an intermediate certificate authority.
The private key (.key) and certificate request (.csr) files are created at the same time. You are prohibited from creating certificates for the FTP server while remotely administering the server because this action can create a security breach. Any certificates you create while remotely administering will remain on the remote machine unless you take special steps to deliver and associate these files with the local machine.
On GlobalSCAPE Secure FTP Server's menu bar, choose Tools > Certificate Creation Wizard. The wizard will appear.
Enter the Certificate Name - name the certificate that will be generated by the Certificate Wizard.
Enter the Output Location - click the browse button and select the folder where you will save the certificate, or type the path to the output folder.
Choose the Expiration Date - define how long the certificate will remain valid.
Enter and confirm the Passphrase - choose the passphrase that will be used to encrypt the private key. The passphrase can be any combination of characters or spaces. Do not lose the passphrase. The certificate will be useless without it.
Choose a Key Length (in bits). Choose 512, 1024, 2048, or 4096 bit keys. Smaller keys are faster; larger keys are more secure.
Click the Next button.
Enter the City/Town where your organization is located.
Enter the State/Province where your organization is located.
Enter the name of your Organization. You cannot use the following characters in the Organization box: / \ [ ] ; : | = , + * ? < > { }.
Enter the Common Name. This is typically your personal name or the domain name associated with the site.
Enter a valid E-Mail address.
Enter a Unit name. Typically you enter a department or branch name.
Enter the two-digit Country code that identifies the country where your organization is located.
Click the Next button.
Use this certificate for Server authentication check box - If cleared, the wizard will only save the certificate files in the folder you specified previously. If selected, the wizard will automatically associate the certificate with the administration service or the site(s) you specify in Step seventeen.
Note: Associating a new certificate with a site requires a restart of the site, and any active users will be disconnected. We recommend that you associate certificates when sites are inactive or stopped.
Add this certificate to the Server Trusted Certificate list check box - When this is selected, the wizard will add the certificate to the Trusted Certificates database. You would use this feature if you were creating certificates for distribution to your users. You could then allow only users who have that certificate to connect to the server. You can verify the addition to your Trusted Certificate Database by choosing Tools > Certificate Manager.
Apply certificate to - Use the drop-down box to choose which components of the server will be affected. You can choose a single site or all sites, or you can apply the certificate to the remote administration service.
Click Finish.
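After the wizard finishes, it is worth confirming that the three files in the output folder belong together and that the key length and expiration date are what you intended. The script below is an added example, not GlobalSCAPE code: it uses the OpenSSL command-line tool and assumes the files are PEM-encoded; the file names, subject values, RSA sample key and 2048-bit default minimum are assumptions, and the sample files are constructed with OpenSSL rather than produced by the wizard.

```sh
#!/bin/sh
# Added example (not GlobalSCAPE code). File names, subject values and the
# 2048-bit default minimum are assumptions. The passphrase is read from the
# KEY_PASS environment variable so it never appears on a command line.

# pubkey_of FILE KIND -> PEM public key carried by a .key, .csr or .crt file
pubkey_of() {
  case "$2" in
    key) openssl pkey -in "$1" -passin env:KEY_PASS -pubout ;;
    csr) openssl req  -in "$1" -noout -pubkey ;;
    crt) openssl x509 -in "$1" -noout -pubkey ;;
  esac 2>/dev/null
}

# check_triplet KEY CSR CRT [MIN_BITS] -> returns 0 only if every check passes
check_triplet() {
  k=$(pubkey_of "$1" key) && [ -n "$k" ] ||
    { echo "cannot read private key (wrong passphrase?)"; return 1; }
  [ "$k" = "$(pubkey_of "$2" csr)" ] || { echo "request does not match key"; return 1; }
  [ "$k" = "$(pubkey_of "$3" crt)" ] || { echo "certificate does not match key"; return 1; }
  bits=$(openssl x509 -in "$3" -noout -text |
         sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
  [ "${bits:-0}" -ge "${4:-2048}" ] || { echo "key too short: ${bits:-?} bits"; return 1; }
  openssl x509 -in "$3" -noout -checkend 0 >/dev/null ||
    { echo "certificate has expired"; return 1; }
  echo "ok: ${bits}-bit key; request and certificate match it"
}

# make_sample DIR BITS -> constructed stand-in for the wizard's three files
make_sample() {
  openssl req -new -newkey "rsa:$2" -keyout "$1/site.key" -passout env:KEY_PASS \
    -out "$1/site.csr" \
    -subj "/C=US/ST=Texas/L=San Antonio/O=Example Org/OU=IT/CN=ftp.example.test" \
    2>/dev/null &&
  openssl x509 -req -in "$1/site.csr" -signkey "$1/site.key" -passin env:KEY_PASS \
    -days 365 -out "$1/site.crt" 2>/dev/null
}

# Demo on constructed, self-signed sample files
KEY_PASS='constructed passphrase'; export KEY_PASS
d=$(mktemp -d) && make_sample "$d" 2048 &&
  check_triplet "$d/site.key" "$d/site.csr" "$d/site.crt"
```

To check real files, export KEY_PASS with the passphrase chosen in the wizard and call check_triplet with the paths to the .key, .csr and .crt files; pass a fourth argument to enforce a different minimum key length.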