How to generate a self signed certificate

This article applies only to Backup4all. If you don't have it yet, you must download it first.

Download Now Buy Licenses
Oct 16, 2019

We strive to keep our articles as accurate as possible. If you notice any inconsistencies or outdated info please let us know.

How to generate a self signed certificate

This article explains how to generate a self signed certificate. A self-signed certificate is an identity certificate signed by its own creator. That is, the person that created the certificate also signed off on its legitimacy.

In typical public key infrastructure (PKI) arrangements, a valid public key certificate is validated (i.e., contains correct information) by a digital signature from a certificate authority (CA). Users, or their software on their behalf, check that the private key used to sign some certificate matches the public key in the CA's certificate. Since CA certificates are often signed by other, "higher ranking," CAs, there must necessarily be a highest CA, which provides the ultimate in attestation authority in that particular PKI scheme.

Create a self signed certificate

  1. Create a new file called "make_cert_openssl.bat" with the following content:
    :: create root certificate request
    openssl genrsa -out b4a_root.key 2048
    openssl req -new -x509 -days 1826 -key b4a_root.key -out b4a_root.crt -subj /C=RO/ST=CLUJ/L=CLUJ-NAPOCA/O=Softland/OU=Backup4all/CN=Backup4all_ROOT
    :: create auth certificate request
    openssl genrsa -out b4a_sftp.key 2048
    openssl req -new -key b4a_sftp.key -out b4a_sftp.csr -config mycertcfg.cnf -subj /C=RO/ST=CLUJ/L=CLUJ-NAPOCA/O=Softland/OU=Backup4all/CN=Backup4all_SFTP
    :: create certificates
    openssl x509 -req -days 730 -in b4a_sftp.csr -CA b4a_root.crt -CAkey b4a_root.key -set_serial 01 -out b4a_sftp.crt
    :: export certificates
    openssl pkcs12 -export -out b4a_certifs.p12 -inkey b4a_sftp.key -in b4a_sftp.crt -chain -CAfile b4a_root.crt

  2. Create another file called "mycertcfg.cnf" with the following content. Put both files in a new folder on your computer.
    [req]
    default_bits = 4096
    distinguished_name = req_distinguished_name
    req_extensions = req_ext

    [req_distinguished_name]
    countryName = Country Name (2 letter code)
    countryName_default = RO
    stateOrProvinceName = State or Province Name (full name)
    stateOrProvinceName_default = Cluj
    localityName = Locality Name (eg, city)
    localityName_default = Cluj-Napoca
    organizationName = Organization Name (eg, company)
    organizationName_default = Softland
    commonName = Common Name (e.g. server FQDN or YOUR name)
    commonName_max = 64
    commonName_default = Backup4all_sftp

    [req_ext]
    keyUsage=digitalSignature, keyEncipherment
  3. Download OpenSSL from: https://slproweb.com/products/Win32OpenSSL.html
  4. Install it in: "C:\OpenSSL-Win64" folder
  5. Open Command Prompt and run this command: set path=%path%;C:\OpenSSL-Win64\bin
  6. In Command Prompt run "make_cert_openssl.bat" file. Some new files will be created in "C:\OpenSSL-Win64"
  7. Run the "b4a_certifs.p12" file, to install the certificate. Make sure you select the option to have this certificate exportable.
  8. Open Backup4all and create a new backup job using SFTP destination. Press Advanced mode button.
  9. On SFTP configuration page, configure the SFTP server.
  10. Select Personal certificate store option and select the "Backup4all_SFTP" certificate.
  11. Press Export public key option and type a name for the exported file. Example: Backup4all.pub
  12. Open the above exported file (Backup4all.pub) using Notedpad or another text editor.
  13. Download and install Putty from: https://www.putty.org/
  14. Open Putty, connect to your SFTP server and install the certificate from "Backup4all.pub" file.
    Example:
    type: cd .ssh
    type: nano authorized_keys
    Copy paste the certificate text on a new line and press Ctrl+X to close, then Y to save.
  15. In Backup4all you can test the connection and then you can run the backup.

Backup to SFTP server using personal certificate store

To make a backup to SFTP server with Backup4all, please follow these steps:

  1. Open Backup4all, press File -> New
  2. Press Advanced mode
  3. On General page, type a name for your backup job
  4. On Destination -> SFTP press Edit configuration
  5. Enter the SFTP server details
  6. Under Private key section, select Personal certificate store and choose Backup4all_SFTP certificate from the list.
  7. Press OK.
  8. Go to Sources page and add the backup sources.
  9. On Type page, select the backup type to use.
  10. Press Save and run.

Video Tutorial Backup to SFTP server