How to use a CA-issued certificate (the long way)

If you already own an X.509 (SSL/TLS) digital certificate in PFX format, you know how simple it is to import it into your Server! and use it.

But many of our customers asked for a tutorial on the longer procedure of requesting a digital certificate to a certification authority (CA) via a certificate signing request (CSR). So here’s the fully documented procedure for you.

First of all, you have to generate the CSR, and to do that you will simply go to the Security->FTP(E/S) menu and select the option in the picture below from the certificate drop-down menu:

That will bring up the CSR creation page (the one in the screenshot here below) in which you will fill in all the fields with your host and corporate information:

Once you’ve filled in the above form, you will need to hit the Generate CSR button. This will actually also generate your private key. Make sure you save the private key as shown in the picture below because if you don’t you will not be able to install your certificate later.

Once the private key is saved, the web interface will show you the actual CSR. Make sure you select it all and copy (Ctrl-C) it to clipboard.

Now you need to go to the certification authority’s web site and paste the CSR into their certificate request form.

After a while, they will provide you with a digital certificate in CER format.

Once you receive the digital certificate, you will need to go back to Server!’s web configuration interface, and go – once again – to the Security->FTP(E/S) section, and from there you will need to select the Import Certificate option from the certificate drop-down menu.

That will bring you to the page where you can import digital certificates. In such page you will need to paste the private key in the text box on the left and the certificate you received from the certification authority in the text box on the right, as shown in the picture here below:

If you did everything correctly, you will see an alert that informs you the operation was successful.

Once you have successfully imported your new certificate, please don’t forget to save the configuration in order for the change to take effect.

And one last remark: the procedure described in this article only affects the X.509 SSL/TLS certificate used for the FTPS and FTPES protocols. If you want to change the X.509 certificate used for the HTTPS protocol and the REST API, you will need to use the HTTP/REST Configuration Wizard (run it from the Windows Start menu) in order to do so.