Installing a Digital Certificate

Digital Certificate Support

There are generally two options for obtaining a digital certificate (and a private key).

  1. You can generate your own certificate using the Cerberus Create Cert button.
  2. You can obtain a certificate from a recognized Certificate Authority

Which is more appropriate really depends upon your goals. If you just want to make sure that client and server connections are securely encrypted then a self-signed certificate is all you need. It has the benefit of being easily created through Cerberus and completely free.

Creating a Self-Signed Certificate

If you just want to be sure that connections are security encrypted then a self-signed certificate is sufficient for your organization.

Steps to Create a Self-Signed Certificate:

  1. Open the Server Manager by selecting the Configuration -> Server Manager item from the main menu.
  2. Select the Security page.Steps to Create a Self-Signed Certificate
    Security settings page of the Server Manager
  3. Click the Create Cert button
  4. A Create a Self-Signed Certificate dialog will appear that asks for certificate details. The organization details that you use will be displayed to the FTP client user when they securely connect to your server. The Key Type should normally be RSA for maximum client compatibility. They Key Length value controls how strong the generated keys are and should normally be set to 2048. The default validity period for the certificate is 1095 days (3 years). Press the Generate button to create the certificate.How to create a Self-Signed Certificate dialog
    Create a Self-Signed Certificate dialog
  5. A self-signed certificate will be created and Cerberus will be automatically configured to use it.
  6. Click Ok to close the Server Manager. If no certificate was previously being used then Cerberus will configure itself immediately to use the new certificate. You may need to restart the FTP server service if you were overwriting a previous certificate.

Using a Certificate created by a 3rd Party Certificate Authority

If your goal is to make sure that your clients can verify that the server they are connecting to is legitimate, and to ensure users don’t see any warning messages about being “unable to verify the server”, then you must use a certificate signed by a trusted certificate authority. You will have to contact one of the recognized Certificate Authorities such as Comodo, Thawte, Verisign or one of the many other recognized Certificate Authorities and request a server certificate (for a price).

Steps to Import a 3rd Party Certificate:

  1. Ensure that you have a digital certificate and private key in a format that Cerberus FTP Server understands. First, you will need to generate a new certificate (either by purchasing one from a public Certificate Authority, or you can install a Certificate Authority in your domain). You need to have a public certificate and a private key along with the passphrase for the private key.
  2. Open the Server Manager by selecting the Configuration -> Server Manager item from the main menu.
  3. Select the Security page.How to Import a 3rd Party Certificate
    Security settings page of the Server Manager
  4. Under the Server Key Pair group, Click the Certificate button.
  5. A file open dialog will appear that will allow you to select the public certificate provided from your certificate authority.
  6. Under the Server Key Pair group, Click the Private Key button.
  7. A file open dialog will appear that will allow you to select the server’s private key. If your public and private key are in the same file then set this path to be the same as the Certificate file path.
    NOTE: Cerberus understands both DER and PEM encoded certificate formats.
  8. Needs Key Password – Check this option if the digital certificate is encrypted.
  9. Password – If the digital certificate is encyrpted then this is the password used to decrypt your digital certificate. The password is the same password you used to create the certificate request with your 3rd party certificate authority.
  10. Click the Verify button to verify that Cerberus FTP Server can read the certificate and private key. If there are no errors then the certificate is valid and can be used by Cerberus.
  11. Click Ok to close the Server Manager. If no certificate was previously being used or the certificate file path changed then Cerberus will configure itself immediately to use the new certificate.
Close Cart

Shopping Cart