Certificate path format
Certificate file path syntax
2.14.1+ Environment variables specified as %name%
can be used in file paths (not passwords or other fields).
<path> [; key=<key path>] [; password=<password>]
key
: path to a private key file associated with the certificate. If not specified, the certificate file is assumed to contain the private key.password
: password to decrypt the certificate file. If not specified, the certificate file is assumed to be unencrypted.
Examples
%ProgramData%\Rebex\BuruSftp\certificates\cert.pfx;password=secret
Supported formats
- PKCS #12 (
.pfx
,.p12
) - DER-encoded X.509 (
.cer
,.crt
,.der
,.pem
)
Certificate store path syntax
cert:\<location>\<store>\<CN, SAN or thumbprint> [; thumbprint=<hex thumbprint>] [; CA=<CN of CA>] [; root=<CN or Root CA>]
location
can beCurrentUser
orLocalMachine
store
can be e.g.My
,Root
,CA
, etc.CN, SAN or thumbprint
can be either of:- Common Name (CN), e.g.
example.com
- Subject Alternate Name (SAN), e.g.
example.org
- Thumbprint in hexadecimal format, e.g.
4110908f77c64c0edfc2de6273bfa9a98a9c5ce5
*
to match any certificate
- Common Name (CN), e.g.
Examples
# Local Computer\Personal\Certificates with CN=example.com and CA=mycertauthority.com
cert:\LocalMachine\My\example.com;CA=mycertauthority.com
# Current User\Personal\Certificates with thumbprint=3aae0a5e776652d58c54e98c644faf97e6b7c546
cert:\CurrentUser\My\3aae0a5e776652d58c54e98c644faf97e6b7c546
When more than one certificate matches the criteria, the one with the latest effective date and currently valid is used.