burusftpwa certgen

NAME

burusftpwa certgen <filename> - Generates a self-signed X.509 certificate. The certificate can be used to enable TLS (HTTPS) for the Web Administration.

It is not recommended to use self-signed certificates on public servers.

DESCRIPTION

The certgen command generates two files: <filename>.pfx and <filename>.crt. The <filename>.pfx file contains a certificate with an associated private key. The <filename>.crt file is a certificate only.

OPTIONS

  • -p, --password <password>
    • Password for the created .pfx file. Default: empty password.
  • -t, --type (rsa|ecdsa)
    • Key algorithm. Default: rsa.
  • -b, --bits <bits>
    • Number of bits in the key to create. Default: 4096 for rsa, 521 for ecdsa.
  • -h, --hash (sha-256|sha-384|sha-512)
    • Signature hash algorithm. Default: sha-256.
  • -s, --subject <distinguished_name>
    • Subject of the certificate. Default: CN=localhost.
  • -m, --months <number>
    • Length of validity in months. Default: 12.
  • -a, --alt-hosts <names>
    • Comma-separated Subject Alternative Names (SAN). Optional.

EXAMPLES

  • burusftpwa certgen certfile

    • Generates an X.509 certificate with a 4096-bit RSA key and SHA-256, issued for localhost, valid for the next year, and saves it to certfile.pfx and certfile.crt files.
  • burusftpwa certgen -t ecdsa -b 384 -h sha-384 -s "CN=my-domain.com" -m 120 -a "my-domain.com, www.my-domain.com" certfile

    • Generates an X.509 certificate with an ECDSA NIST P-384 key and SHA-384, issued for my-domain.com, valid for the next 10 years, and saves it to certfile.pfx and certfile.crt files.