burusftpwa certgen
2.4.3+ Generates a self-signed X.509 certificate for TLS (HTTPS or FTPS). Not recommended for public-facing servers. For a step-by-step guide, see Generate Self-signed X.509 Certificates (CLI).
The command creates two files: <filename>.pfx (certificate with private key) and <filename>.crt (certificate only).
Synopsis
burusftpwa certgen [options] <filename>Options
-a, --alt-hosts <names>
Comma-separated Subject Alternative Names (SAN). Optional.
-b, --bits <bits>
Private key size in bits.
Default:4096 (rsa), 521 (ecdsa).-h, --hash (sha-256 | sha-384 | sha-512)
Signature hash algorithm.
Default:sha-256.-m, --months <months>
Length of validity in months.
Default:12.-p, --password <password>
Password for the created .pfx file.
empty password.-s, --subject <distinguished-name>
Subject of the certificate.
Default:CN=localhost.-t, --type (rsa | ecdsa)
Key algorithm.
Default:rsa.Examples
# RSA 4096-bit, SHA-256, issued for localhost, valid for 12 months
burusftpwa certgen certfile
# ECDSA P-384, SHA-384, issued for my-domain.com with SANs, valid for 10 years
burusftpwa certgen -t ecdsa -b 384 -h sha-384 -s "CN=my-domain.com" -m 120 -a "my-domain.com, www.my-domain.com" certfile