Obtaining and Importing SSL Client Certificates

See also: About SSL Client Certificates.

• Obtaining a Certificate

Certificates are typically delivered in one of the following forms:

• Two ASCII files with extensions .crt and .key (or .cer and .key).
• One binary file with the extension .p12 or .pfx.

1. From the server administrator of your FTP server, obtain the following:
   • A certificate that has been registered with the FTP server.
   • The password for that certificate.
2. Put the certificate files on the computer that is running MOVEit Automation. If you are using a network file transfer mechanism to transmit the certificate files, use the proper ASCII vs binary transfer method.

• Converting the Certificate

Microsoft software imports client certificates from .p12 (also known as .pfx) files. If you received .crt and .key files instead of a .p12 file, you must convert them to .p12 format. You can do this with the free program OpenSSL.exe from the OpenSSL Project.

Example

You receive the files fred.crt and fred.key. To convert them to a single fred.p12 file, use the following command:

openssl pkcs12 -inkey fred.key -in fred.crt -export -out fred.p12

The command prompts for the password to the fred.key file before it writes the fred.p12 file.

• Importing the Certificate

MOVEit Automation accesses the Current User store when looking for certificates, and can install (import) a certificate into this store.

1. In Web Admin, select SETTINGS > Keys and Certs > Import > SSL Client Cert. Select the .p12 file and click Open.
2. Provide the password and click OK.