Introduction

SSL Support

Easy File Sharing Web Server is available in 2 different editions to ensure you get the file sharing solution you're looking to use. a Standard edition that meets most people's needs, a Secure edition has a SSL Server for most companies that require encrypted transfers.

The SSL Server is based on SSLeay/OpenSSL, it enables secure transport of data to and from the web server to the client browser. This makes it almost impossible for anyone to spy on passwords, bank accounts etc. send over the internet.

About server certificate

In order to use SSL Server as a secure server you need a private key and a server certificate. Such a certificate is normally issued by a Certificate Authority (CA in short). There are a lot of CA's out there. Probably the most wellknown are Thawte and VeriSign.
If you want to use Easy File Sharing Web Server in a production environment you will need such a CA issued server certificate. However you do not need to buy a real certificate. You can either make your own self-issued certificate, or you can use our self-issued certificate which is enclosed in the Easy File Sharing Web Server.

How do you create your own self-issued certificate and private key?

Quite easy in fact. Just run the makecert.bat (makecert_128.bat) file and answer the questions in the process (the makecert.bat file is in the installation folder of Easy File Sharing Web Server, the default path is c:\Program Files\Easy File Sharing Web Server). Remember that the "Common name" asked should be the website address for which you want to use SSL. If you are running the SSL Server locally you should put "localhost" in this field. If you type anything other than the site address your browser will issue a "The name on the security certificate does not match the name of the site". Of course, this warning can be ignored. The result from makecert.bat is your private key file (ServerKey.pem) and your self-issued certificate (ServerCert.pem). both files will be created in the installation folder of Easy File Sharing Web Server. After that you can restart the SSL Server and the SSL Server will use your own certificate.

Note: The makecert_128.bat makes a 128-bit key and certificate. This certificate can only be used by 128-bit client browsers. Therefore you might exclude some Internet users who are using the lower version of browser such as IE 4.0.

How do you get a real certificate issued by a known CA ?

If you want to use Easy File Web Server SSL Edition for serving a live website, you absolutely must consider getting a real certificate. Although the self-issued certificate which comes with Easy File Sharing Web Server can do the job, it is not recommendable. The users browsing your site will get a warning each time saying that the certificate is not trusted by a known CA and that could scare them away.

Obtaining a certificate is not too hard a task though. All you need to do is make a Certificate Request file (CSR) and then send this file to a Certificate Authority (CA) of you own choice.
You can generate a CSR with the makecsr.bat (makecsr_128.bat) file (the makecsr.bat file is in the installation folder of Easy File Sharing Web Server). Just run the makecsr.bat file and answer the questions asked. This time it is very important that you fill in the "Common name" correctly, if not you will not be able to use the certificate for your site. Also it is very important, that you save the efsws_key.pem file with was created in the process. Without this file, and the password supplied in the process, you cannot use the CA issued certificate.
Once you have your request file (efsws_req.pem) you just need to send it to a CA of your choice. Since every CA has their own rules on how to request a certificate, I cannot give a general method. Instead you need to go to the website of the CA and see how they want you to proceed. Remember, that you must get a certificate on the PEM format, not DER.

Note: The makecsr_128.bat file makes a request for a 128-bit certificate. Have your clients in mind before requesting a certificate, since 40-bit clients cannot communicate with a 128-bit server.

Thawte certificate URL:
http://www.thawte.com/

VeriSign certificate URL:
https://www.verisign.com/

Both sites has extensive information about SSL and certificates. You might want to read this information before deciding to buy a certificate. You can also get a trial certificate from many CAs. That way you can try before you buy.