WebDrive Certificate Manager
Certificates provide an essential layer of security to file transfers by verifying the origin of the transfer. An electronic document can be signed with a certificate, bound to the sender’s public key, which creates a unique signature that can only be decoded by the matching private key.
WebDrive's Certificate Manager allows you to create new certificates, import previously-made certificates and private keys, and sign your own certificates. Once you have certificates stored in WebDrive, you can also use the Certificate Manager to Delete, Export, Update, or View the Properties of your certificates.
Where is the Certificate Manager?
To find the Certificate Manager, launch the WebDrive Administrator. Select a site profile that uses SSL/TLS (HTTPS, WebDAVS) and open the Site Settings (either by clicking the Site Properties button in the top menu, or right-clicking the site profile and selecting Properties).
Create a New Certificate
- Click Create to create a certificate. This will launch the SSL Certificate Wizard.
- You must supply valid information for each field for the certificate to validate. The Common Name (CN) is the name of the server you are connecting to. Avoid using special characters (though the asterisk (*) symbol is valid when used as a wildcard to cover many different domains). Please note that some Certificate Authorities do not allow you to abbreviate the State/Province name. Click Next.
- Select a desired key length for your certificate. Longer key lengths provide better security but result in slower performance. Shorter keys run faster but are less secure. Key lengths of 2048 bits or larger are recommended for secure environments. Click Next.
- Your certificate name will populate automatically. Create a Private Key password. Your password is case sensitive and must be at least four characters with no spaces. After you confirm your password, click Next.
- There are three options available for generating your certificate:
- Self-sign this certificate—Self-signed certificates are relatively unsecure. In general, this option should only be used for testing purposes and should not be used in a production environment.
- Generate CSR for signing by a Trusted Certificate Authority—Select this option if you would like to generate a Certificate Signing Request (CSR) to send to an external Certificate Authority (CA) or Trusted Authority for signing. Once the CSR has been signed and your certificate generated, you will be able to update your CSR and use your newly signed certificate. Export the certificate request to a directory by using the “…” browse button. For more information about generating a CSR for signing by a Trusted Certificate Authority, see the section on CSRs below.
- Sign this certificate using the following Trusted Certificate—Select this option if you would like to sign this new certificate using a trusted certificate already in your certificate store.
- Click Finish when you are done configuring these options and close the window.
Import a Certificate
Click Import to import an already-existing certificate and private key.
Import Certificate provides two options for importing your certificate, which depend on whether your certificate is stored in one file or two:
- Import my Certificate and Private Key from a single file (PKCS#12)—Use the “…” browse button to browse to your .p12 file. Type your Private Key password, confirm your password, and type a name used to identify this certificate in the system. When you are finished, click Import.
- Import my Certificate and Private Key from separate files—Use the “…” button to browse to your .crt file. If you would also like to Import your Private Key Information, select this check box and browse to your .key file. You must then type your Private Key password and confirm your password. Type a name used to identify this certificate in this system. When you are finished, click Import.
Your certificate will be imported and added to the Certificate list.
What is a CSR?
Having a certificate signed by a Certificate Authority (CA) adds a robust layer of authenticity and security to your certificate. If you opted to create a certificate and have it signed by a Certificate Authority, follow these steps:
After selecting Generate CSR for signing by a Trusted Certificate Authority, export the certificate request to a directory by using the “…” browse button. Be sure to take note of where you save the .csr file; you will need to access it again to send it to the Certificate Authority. Click Finish.
You will see a message indicating that your CSR has been successfully exported to the directory you specified. Click Close to close the Certificate Manager.
Sending the CSR to the Certificate Authority
Open your .csr file in a WordPad or other text editor. Copy the text of the entire file, including the words “Begin Certificate Request” and “End Certificate Request”.
You must choose a Certificate Authority. There are many to choose from, such as:
The CA’s website should include a place for you to paste your CSR and provide any additional information required by the Certificate Authority.
After you submit your Certificate Signing Request, the CA will verify the information and create a certificate for you. The time necessary to create a certificate varies from authority to authority, so check with the specific CA for turn-around times.
Signing a CSR
Select a certificate in the list and click Sign CSR, if you have a certificate ready to be signed. The Certificate Signing Wizard will launch.
The Certificate Signing Wizard provides two options for signing your certificate:
- Sign a CSR in local store—Use the dropdown arrow to select your certficate and type your password. Click Next when you are finished.
- Select an external CSR—Use the “…” button to browse to and save the certificate. Click Next when you are finished.
Select the certificate name using the dropdown arrow. Type the password used to access the keypair for the selected certificate. You can change the Valid From and Valid To dates by using the dropdown arrow. Click Finish.
Your certificate should appear in the Certificate List.
There are two common methods of updating your certificate. The easier method is to renew your current certificate and then copy the new private key information into the old file, which doesn’t require a new CSR. If you require a new CSR, you’ll need to replace the file.
Steps for renewing a certificate:
- Go through the normal process for renewing your existing certificate and download the new SSL certificate .zip in from the manager. Make sure to select Other server type, which determines the format of the certificate.
- Unzip the folder, which should contain two files: one is a common name certificate, while the other will likely be specific to your certificate host (for instance, GoDaddy certificate files begin with gd in the filename).
- Since the running server is using the old certificate, you can’t change that file. Go to the old cert store folder and make a copy of the old .pem file. There is a public and private section of the file.
- Open new certificate, select all, and copy. Paste this over the existing private key information in the new .pem file.
- Rename the old file to something new (for example, webdrive.com_OLD), and change the copied filename to the old filename, so WebDrive will draw from the correct certificate information.
After the Certificate Authority approves your CSR, it will email you a secure link to access your certificate. Copy your certificate to WordPad and save in .crt format. When you name your .crt file, do not use extra periods or special characters. Be sure to take note of where you save the .crt file; you will need to access it again to update the certificate stored in the server.
Launch the Certificate Manager. Select Update CSR. Do not choose Import—this will invalidate your CSR.
The Update CSR Utility will launch. Use the dropdown arrow to select the CSR File you would like to update with a signed certificate. Once updated, the CSR will become a valid certificate associated with your key pair. Type your password. Use the “…” button to browse to the location of your certificate file. When you are finished, click Update. Click OK.
Your CSR is now upgraded to a verified certificate file. You may now use the certificate.