Page 1 of 1

How do I generate a certificate request for a 3rd party cert

Posted: Thu Dec 10, 2009 9:55 am
by FTP
Step 1 - Create a new SSL certificate using WingFTP
You can create a new SSL certificate at "Server -> Settings -> SSL Certificate Manager". For example, you name the certifcate "new_ssl_cert", and choose "d:/certfiles" as the output directory, then WingFTP will generate three files under "d:/certfiles":
"new_ssl_cert.crt": the self-signed certificate file.
"new_ssl_cert.key": the private key file. Please keep it secret to avoid other party misusing your SSL certificate.
"new_ssl_cert.csr": the Certificate Signing Request file. You can send it to the Certificate Authorities(CAs) to apply for a signed certificate.


Step 2 - Send the Certificate Signing Request file to CA
If your request is successful, you will get a signed certificate from the CA. Replace the previous certificate file "new_ssl_cert.crt" with the new signed .crt file.

Please note that if your SSL certificate is issued by some intermediate certificate authorities, you may need to take some further steps to make it work. You need to create a new file with extension of ".crt" and make a certificate chain in it. The basic format of the certificate chain is like this:
-----BEGIN CERTIFICATE-----
your site certificate signed by CA
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Intermediate CA 1
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Intermediate CA 2
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Intermediate CA n
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Root CA
-----END CERTIFICATE-----

step 3 - Config your domain with the certificate signed by CA
After your certificate be signed and added under "Server -> Settings -> SSL Certificate Manager", you also need to select it under "Domain -> Settings -> General Settings -> Miscellaneous -> SSL Certificate".



Note: When you create the self-signed certificate in the first step, the "Domain Name/Common Name" field must match the fully qualified domain name or IP address of your server, or clients will encounter "Certificate Mismatch" error.