CREATING, SIGNING, CHAINING, AND ASSIGNING A CERTIFICATE IN EFT SERVER PAGE 1 OF 5
CREATING, SIGNING, CHAINING, AND
ASSIGNING A CERTIFICATE IN EFT SERVER
This document provides instructions for creating an SSL certificate, signing the certificate, chaining the
certificate, and then finally, adding the certificate to EFT Server.
I. Create an SSL certificate:
Refer to the online help file topic at: http://help.globalscape.com/help/eft7-3/mergedprojects/eft/
creatingsslcertificates.htm
II. Sign the certificate:
The *.csr, *.crt, and *.key file are located at the EFT Server application data root: C:\Documents and
Settings\All Users\Application Data\GlobalSCAPE\EFT Server\ or \EFT Server Enterprise\. There you
can retrieve the *.csr file to send to VeriSign, Thwate, GoDaddy, etc. using the same process that you
normally do. Just make certain that you request the certificate in Apache x509 certificate format.
III. Chain the certificate:
Once you receive the signed *.cer from VeriSign, Thwate, GoDaddy, etc. in your normal fashion, use the
procedure below to chain your signed certificate to the Certificate Authorities intermediate certificate.
(Thwate certificates enrolled after June 27, 2010 require two intermediate certificates.
https://search.thawte.com/support/ssl-digital-
certificates/index?page=content&id=AR1373&actp=search&viewlocale=en_US&searchid=12797304239
33)
In order to ensure that EFT Server and Java
2
(used for the Web Transfer Client (WTC)) present
certificates in a manner that FTP clients and web browsers are going to verify successfully, use the
following instructions to chain the Certificate Authorities’ (CA) intermediate certificate to the signed
certificate. (Unlike VeriSign, for GoDaddy and Thawte certificates, there may be two intermediate
certificates. This means that both will need to be included in the chain.) (Java wants both the original
certificate and the intermediate to be passed for each user.)