SSL Configuration (for v11.x)
PowerFolder Server offers a possibility to import a SSL certificate to secure the web interface with SSL encryption.
Use an external web server for SSL encryption
If you don't want to use the internal option to provide the web interface with SSL encryption, you can read our documentation about running PowerFolder Server behind an external web server.
Step 1: Enter Organizational Information
Already have a key and certificate?
If you already have a key and certificate, you can skip this step and proceed to step 2.
To install a SSL certificate in PowerFolder Server, a Certificate Signing Request (CSR) must be generated and submitted to a Certification Authority (CA). The CSR contains your certificate-application information, which will be generated in this first step. PowerFolder Server will use this information to create your certificate's Distinguished Name (DN). Distinguished names uniquely identify individual servers.
To start generating the CSR, click on Preferences > Network > Hostname and Ports > HTTPS/SSL port > Setup as an admin in the web interface. Fill out all fields with valid information and click on Next.
| Field | Description |
|---|---|
| Common name | The name entered in the "CN" (common name) field of the CSR MUST be the fully-qualified domain name for the website you will be using the certificate for (e.g. powerfolder.example.com). Do not include the "http://" or "https://" prefixes in your common name. Do NOT enter your personal name in this field. It is the hostname to which clients connect to when using the web interface or one of the PowerFolder Clients. It should match the hostname which was defined in the General server settings during the PowerFolder Server Configuration. |
| Organization | The name under which your business is legally registered. The listed organization must be the legal registrant of the domain name in the certificate request. |
| Organizational Unit | The department within your organization which requests the certificate. If not applicaple, use something like Accounting or IT. |
| City/Locality | Name of the city in which your organization is registered/located. Please spell out the name of the city. Do not abbreviate. |
| State/Province | Name of state, province, region, territory where your organization is located. Please enter the full name. Do not abbreviate. |
| Country code | The two-letter International Organization for Standardization (ISO-) format country code for the country in which your organization is legally registered. |
Step 2: Generate/Import Private Key
Already have a key?
If you already have a key and certificate, you can import it here.
Please note that the key has to be in a base64-encoded format for Apache web servers. If you used a .pfx file or other format, please refer to one of the sites below to see how to convert them:
http://www.entrust.net/knowledge-base/technote.cfm?tn=7924
https://www.sslshopper.com/ssl-converter.html
In this step a private key will be generated, which will be used together will the signed certificate to encrypt the communication between clients and servers. The SSL certificate is only valid when used with the private key, therefore the private key should be saved/backed up somewhere else after it has been generated. Please click enter a password which will be associated with the private key and click on Generate.
If a private key already exists (e.g. generated with another tool), it can selected for upload or directly pasted into field at the bottom of the form. If that key is password protected, please make sure to enter the correct password into the fields at the top of the form.
When finished, please click on Next.
Step 3: Request Certificate Signing Request (CSR)
Already have a key and certificate?
If you already have a key and certificate, you can skip this step and proceed to step 4.
The CSR contains the certificate-application information, including the public key of the server. Please hit the Generate button to generate the CSR. After that it can be downloaded as a file or copied from the last field at the bottom of the form.
After it has been generated and copied/downloaded it needs to be sent to a Certification Authority (CA), which will generate a certificate, which will be imported in the next step.
Please note that PowerFolder Server 9.x and below are currently not compatible with the SHA-2 signature algorithm yet. Please make sure you select SHA-1 if your SSL provider asks you for that (or uncheck SHA-2).
There are several certification authorities, we recommend one of the following:
Usually a certificate is issued in no time (when having all information from the previous steps available and using an instant payment method for buying the certificate), therefore you can click on Next when finished. As an alternative the wizard can also be closed at this point, it will save all information entered before.
Step 4: Import Signed Certificate
Already have a certificate?
If you already have a key and certificate, you can import it here.
Please note that the certificate has to be in a base64-encoded format for Apache web servers. If you used a .pfx file or other format, please refer to one of the sites below to see how to convert them:
http://www.entrust.net/knowledge-base/technote.cfm?tn=7924
https://www.sslshopper.com/ssl-converter.html
In this step the signed certificate will be imported. Please select the final certificate for upload or copy/paste it into the field at the end of the form.
Please make sure the certificate is officially signed and not generated as a self-signed certificate, otherwise the PowerFolder Clients will not connect to the server, since they only support official Certification Authorities.
Intermediate Certificates
Some Certification Authorities require the signed certificate to be used with an intermediate certificate.
Please use the copy & paste field in that case and first insert the signed certificate first and then the intermediate certificate. The order is important here!
When finished, click on Next. After all steps are performed successfully, the web interface should be available on the port configured under Preferences > Network > Hostname and Ports.
Step 5: Check the SSL connection
When step 1-4 are finished and SSL is up and working, please perform a final check on the web interface using the Comodo SSL Analyzer to verify that everything is OK.