burusftp certgen
NAME
2.15.3+ burusftp certgen [options] <filename> - Generates a self-signed X.509 certificate. The certificate can be used to enable TLS (HTTPS or FTPS).
It is not recommended to use self-signed certificates on public servers.
DESCRIPTION
The certgen command generates two files: <filename>.pfx and <filename>.crt. The <filename>.pfx file contains a certificate with an associated private key. The <filename>.crt file is a certificate only.
OPTIONS
-p, --password <password>- Password for the created
.pfxfile. Default: empty password.
- Password for the created
-t, --type (rsa|ecdsa)- Key algorithm. Default:
rsa.
- Key algorithm. Default:
-b, --bits <bits>- Number of bits in the key to create. Default:
4096for rsa,521for ecdsa.
- Number of bits in the key to create. Default:
-h, --hash (sha-256|sha-384|sha-512)- Signature hash algorithm. Default:
sha-256.
- Signature hash algorithm. Default:
-s, --subject <distinguished_name>- Subject of the certificate. Default:
CN=localhost.
- Subject of the certificate. Default:
-m, --months <number>- Length of validity in months. Default:
12.
- Length of validity in months. Default:
-a, --alt-hosts <names>- Comma-separated Subject Alternative Names (SAN). Optional.
EXAMPLES
# Generate an X.509 certificate with a 4096-bit RSA key and SHA-256, issued for `localhost`,
# valid for the next year, and save it to certfile.pfx and certfile.crt files.
burusftp certgen certfile
# Generate an X.509 certificate with an ECDSA NIST P-384 key and SHA-384, issued for my-domain.com,
# valid for the next 10 years, and save it to certfile.pfx and certfile.crt files.
burusftp certgen -t ecdsa -b 384 -h sha-384 -s "CN=my-domain.com" -m 120 -a "my-domain.com, www.my-domain.com" certfile
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.