Certificate path format

Certificate file path syntax

2.14.1+ Environment variables specified as %name% can be used in file paths (not passwords or other fields).

<path> [; key=<key path>] [; password=<password>]

key: path to a private key file associated with the certificate. If not specified, the certificate file is assumed to contain the private key.
password: password to decrypt the certificate file. If not specified, the certificate file is assumed to be unencrypted.

Examples

%ProgramData%\Rebex\BuruSftp\certificates\cert.pfx;password=secret

Supported formats

PKCS #12 (.pfx, .p12)
DER-encoded X.509 (.cer, .crt, .der, .pem)

Certificate store path syntax

cert:\<location>\<store>\<CN, SAN or thumbprint> [; thumbprint=<hex thumbprint>] [; CA=<CN of CA>] [; root=<CN or Root CA>]

location can be CurrentUser or LocalMachine
store can be e.g. My, Root, CA, etc.
CN, SAN or thumbprint can be either of:
- Common Name (CN), e.g. example.com
- Subject Alternate Name (SAN), e.g. example.org
- Thumbprint in hexadecimal format, e.g. 4110908f77c64c0edfc2de6273bfa9a98a9c5ce5
- * to match any certificate

Examples

# Local Computer\Personal\Certificates with CN=example.com and CA=mycertauthority.com 
cert:\LocalMachine\My\example.com;CA=mycertauthority.com

# Current User\Personal\Certificates with thumbprint=3aae0a5e776652d58c54e98c644faf97e6b7c546
cert:\CurrentUser\My\3aae0a5e776652d58c54e98c644faf97e6b7c546

When more than one certificate matches the criteria, the one with the latest effective date and currently valid is used.