How to generate a self signed certificate

This article explains how to generate a self signed certificate. A self-signed certificate is an identity certificate signed by its own creator. That is, the person that created the certificate also signed off on its legitimacy.

On this page: Create a self signed certificate Backup to SFTP server using personal certificate store Video Tutorial Backup to SFTP server

In typical public key infrastructure (PKI) arrangements, a valid public key certificate is validated (i.e., contains correct information) by a digital signature from a certificate authority (CA). Users, or their software on their behalf, check that the private key used to sign some certificate matches the public key in the CA's certificate. Since CA certificates are often signed by other, "higher ranking," CAs, there must necessarily be a highest CA, which provides the ultimate in attestation authority in that particular PKI scheme.

Create a self signed certificate

The applications required in this section:

  • Makecert.exe can be downloaded from: http://msdn.microsoft.com/en-us/library/bfsktky3%28VS.80%29.aspx
  • Pvk.exe can be downloaded from http://www.drh-consultancy.demon.co.uk/pvktool.zip
  • Ssh-keygen (which is part of openssh) can be downloaded from http://www.openssh.com
  • FileZilla can be downloaded from http://filezilla-project.org/download.php
  • FreeSSHd can be downloaded from http://www.freesshd.com
  • OpenSSL can be download from: http://www.openssl.org/source
  • WordPad - included in Windows

Follow these steps:

  1. Put Makecert.exe application on C: drive.
  2. Open a command line window.
  3. Type C:\makecert -r -n "CN=NewStart" -pe -ss my to create a self signed certificate
  4. Type C:\makecert -n "CN=roma" -pe -ss my -in NewStart -is my to create a new certificate linked to previous one
  5. Export key to pfx using this command: certmgr -c -s my -put roma.pfx
  6. Extract private key as .pem from .pfx
    Type D:\OpenSSL\openssl.exe pkcs12 -in D:\roma.pfx -nocerts -out d:\roma.pem
  7. Open D:\roma.pem with WordPad and delete everything before -----BEGIN RSA PRIVATE KEY-----
  8. Load roma.pem in FileZilla client (go to Edit menu->Settings->Connection->SFTP)
    It will convert roma.pem to roma.ppk (PUTTY key format)
  9. Extract public key from roma.pem and create roma.pub
    D:\ssh-keygen -e -f d:\roma.pem D:\roma.pub
  10. In freeSSHd server, go to Settings->Authentication
  11. Select the Public key authentication and disable all other methods.
  12. Indicate the public key folder and make sure you copy the roma.pub file in that folder.

Backup to SFTP server using personal certificate store

To make a backup to SFTP server with Backup4all, please follow these steps:

  1. Open Backup4all, press File->New Backup
  2. Press Advanced mode 
  3. Type a name for your backup job 
  4. On SFTP server press Edit configuration
  5. Enter the SFTP server details
  6. Under Private key section, select Personal certificate store and choose roma certificate from the list.
  7. Press OK.
  8. Go to Sources page and add the backup sources.
  9. On Type page, select the backup type to use.
  10. Press Save and run.

Video Tutorial Backup to SFTP server:

Applies to:

Backup4all 4.x or later.

Comments


NEW: Backup4All 6.2.245