burusftp certgen
2.15.3+ Generates a self-signed X.509 certificate for TLS (HTTPS or FTPS). Not recommended for public-facing servers. For a step-by-step guide, see Generate Self-signed X.509 Certificates (CLI).
The command creates two files: <filename>.pfx (certificate with private key) and <filename>.crt (certificate only).
Synopsis
burusftp certgen [options] <filename>Options
-p, --password <password>
Password for the created .pfx file.
empty password.-t, --type (rsa | ecdsa)
Key algorithm.
Default:rsa.-b, --bits <bits>
Private key size in bits.
Default:4096 (rsa), 521 (ecdsa).-h, --hash (sha-256 | sha-384 | sha-512)
Signature hash algorithm.
Default:sha-256.-s, --subject <distinguished-name>
Subject of the certificate.
Default:CN=localhost.-m, --months <months>
Length of validity in months.
Default:12.-a, --alt-hosts <names>
Comma-separated Subject Alternative Names (SAN). Optional.
Examples
# RSA 4096-bit, SHA-256, issued for localhost, valid for 12 months
burusftp certgen certfile
# ECDSA P-384, SHA-384, issued for my-domain.com with SANs, valid for 10 years
burusftp certgen -t ecdsa -b 384 -h sha-384 -s "CN=my-domain.com" -m 120 -a "my-domain.com, www.my-domain.com" certfile