Certificate path format

The content of this page will be subject to major changes in 3.0.0.

The following examples are subject to YAML escaping rules when used in YAML configuration file.

Certificate file path syntax

<path> [; key=<key path>] [; password=<password>]

key: path to a private key file associated with the certificate. If not specified, the certificate file is assumed to contain the private key.
password: password to decrypt the certificate file. If not specified, the certificate file is assumed to be unencrypted.

Examples

%ProgramData%\Rebex\BuruSftp\certificates\cert.pfx;password="Very \"secret\" password"

Supported formats

PKCS #12 (.pfx, .p12)
DER-encoded X.509 (.cer, .crt, .der, .pem)

Certificate store path syntax

cert:\<location>\<store>\<CN, SAN or thumbprint> [; thumbprint=<hex thumbprint>] [; CA=<CN of CA>] [; root=<CN or Root CA>]

location can be CurrentUser or LocalMachine
store can be e.g. My, Root, CA, etc.
CN, SAN or thumbprint can be either of:
- Common Name (CN), e.g. example.com
- Subject Alternate Name (SAN), e.g. example.org
- Thumbprint in hexadecimal format, e.g. 4110908f77c64c0edfc2de6273bfa9a98a9c5ce5
- * to match any certificate

Examples

# Local Computer\Personal\Certificates with CN=example.com and CA=mycertauthority.com 
cert:\LocalMachine\My\example.com;CA=mycertauthority.com

# Current User\Personal\Certificates with thumbprint=3aae0a5e776652d58c54e98c644faf97e6b7c546
cert:\CurrentUser\My\3aae0a5e776652d58c54e98c644faf97e6b7c546

When more than one certificate matches the criteria, the one with the latest effective date and currently valid is used.

Value syntax

Values enclosed in double quotes (") are treated as a single value, even if they contain spaces or special characters:

backslash (\) can be used to escape double quotes (") and other backslashes (\) within quoted values.
- "very \"secret\" password" ⟶ very "secret" password
backslash followed by any other character is treated as a literal backslash.
- "C:\Program Files" ⟶ C:\Program Files

Values not enclosed in double quotes are treated as a sequence of characters separated by semicolons (;).

backslashes (\) are treated as literal backslashes
double quotes (") characters inside the value are treated as literal double quotes and have no special meaning.
- very \"secret\" password ⟶ very \"secret\" password

2.14.1+ Path values can use environment variables specified as %NAME% (does not apply to passwords or other fields).

"%ProgramData%\Rebex\BuruSftp\certificates\cert.pfx" ⟶ C:\ProgramData\Rebex\BuruSftp\certificates\cert.pfx

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.