Using the Certificate Creation Wizard

The Certificate Creation wizard is a user-friendly tool that guides you through the process of creating keys and certificates, without the need for using a command line.

The private key (.key) and certificate request (.csr) files are created at the same time. You are prohibited from creating certificates for the Server while remotely administering the Server because this action can create a security breach. Any certificates you create remain on the computer on which you created them, unless you take special steps to deliver and associate these files with another computer.

To create an SSL certificate with the Certificate Creation Wizard

1. In the Administrator, connect to the server, then click the Server tab.

2. Do one of the following:

• On the main menu, click Tools, then click Certificate Creation Wizard.

• On the toolbar, click the New SSL Certificate icon.

The Create SSL Certificate wizard appears.

3. In the Certificate name box, specify the name of the certificate that will be generated.

4. In the Output Location box, specify the path to the folder in which the certificate is to be saved. The wizard saves the .key, .csr, and .crt files in this folder.

If you are purchasing a signed certificate from a certificate authority (CA), you usually need to forward the contents to the CA. Locate the .csr and open it in a text editor, then copy and paste the contents into an e-mail.

5. In the Expiration Date box, specify how long the certificate is to remain valid.

6. In the Passphrase and Confirm passphrase boxes, type the passphrase used to encrypt the private key. The passphrase can be any combination of characters or spaces. Do not lose the passphrase; the certificate is useless without it.

7. In the Key Length (in bits) box, specify the key length: 512, 1024, 2048, or 4096 bits. Smaller keys are faster, larger keys are more secure.

8. Click Next. The Certificate Information page appears. Each of the boxes must be completed before continuing. The information you provide is stored in the certificate.

9. In the City/Town box, provide the name of your city, town, or other locality.

10. In the State/Province box, provide the name of the state or province.

11. In Organization box, provide the name of your organization, or any other designator.

12. In the Common Name box, provide the common name or fully qualified domain name, such as www.globalscape.com. (Typically, the name or domain name associated with the Site.)

13. In the E-Mail box, provide your e-mail address in the format username@domain.com.

14. In the Unit box, type any other information about your organization, such as department name.

15. In the Country box, provide the 2-letter ISO country code using uppercase letters.

16. Click Next. The Certificate Options page appears.

17. If Use this certificate for server authentication is cleared, the wizard saves only the certificate files in the folder you previously specified. If selected, the wizard associates the certificate to the administration service or a site(s) you specify.

Associating a new certificate with a Site requires a restart of the Site, and any active users will be disconnected, so it is recommended that you associate certificates when Sites are inactive or stopped.

18. If Add this certificate to the Trusted Certificate list is selected, the wizard adds the certificate to the Trusted Certificates database. Use this feature if you are creating certificates for user distribution. You can limit Server access to just the users that have the certificate. You can verify the addition to the Trusted Certificate database by clicking Tools, then Certificate Manager, or on the toolbar, click the Certificate Manager icon.

19. In the Apply certificate to list, specify the component of the Server affected.

20. Click Finish.