Generate Server Certificate using OpenSSL

Need help with FileZilla Server? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
sam_ok
503 Bad sequence of commands
Posts: 20
Joined: 2011-03-25 10:14
First name: Sam
Last name: Chan

Generate Server Certificate using OpenSSL

#1 Post by sam_ok » 2016-08-23 10:06

I use to generate server certificate by FileZilla server but the validity period is just for one year only. Now I try to use openssl to generate the same server certificate but for a longer period.

The content of the certificate file (one single file) generated by FileZilla is as follows:

-----BEGIN RSA PRIVATE KEY-----
.....
.....
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
.....
.....
-----END CERTIFICATE-----

One single file contains two sections.

When I used the following openssl command to generate self-signed certificate, it generated two files. One is 'key.pem' and another one is 'cert.pem':

# openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 730 -nodes

For key.pem file, it contains the following content:

-----BEGIN PRIVATE KEY-----
.....
.....
-----END PRIVATE KEY-----

For cert.pem file, it contains the following content:

-----BEGIN CERTIFICATE-----
.....
.....
-----END CERTIFICATE-----

Do I need to concatenate these two files (key.pem, cert.pem) into one, changing the labelling just like the one generated by Filezilla server, and try to install it in client side?

User avatar
boco
Contributor
Posts: 25454
Joined: 2006-05-01 03:28
Location: Germany

Re: Generate Server Certificate using OpenSSL

#2 Post by boco » 2016-08-23 11:51

No need to join the files. You could do it nonetheless, for preventing key and cert becoming separated.

If you leave it as two files, just select the correct file for each field on the SSL page (key to Private key, and cert to Certificate field). If you joined the files just select the same for both.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

sam_ok
503 Bad sequence of commands
Posts: 20
Joined: 2011-03-25 10:14
First name: Sam
Last name: Chan

Re: Generate Server Certificate using OpenSSL

#3 Post by sam_ok » 2016-08-25 06:36

Thank you very much.

I have tried myself today. No need to change the label. No need to concatenate the files. Just do as what you have said: put the key file to 'Private Key File' field, and then put the certificate file to 'Certificate File' field.

Restart the FTP server. That is.

As I am testing the connection with host, upload the certificate file to host. Leave the key file untouched. Install the certificate file in host and try to establish a connection. Bravo! Session could be established successfully.

Post Reply