Generating a key
To generate a client key, navigate to your desired Keys module (See Key Management). Note: The image below depicts using the key manager at the global level. The same steps apply when you access the key manager at the domain level via the SECURITY > Keys module.
Step 1
Select the Client Keys tab and click on the Generate button. The Generate Client Key dialog is displayed.
General
Key alias - Alias you wish to assign to the key.
Key algorithm - The encryption algorithm used. Supported types includes RSA, DSA, EC and ED.
Key length - The length of encryption key, applicable when RSA or DSA is the selected key algorithm. Length options vary depending on the algorithm selected. For example, RSA supports key lengths of 1024, 2048, 3072 and 4096.
Key curve - The curve of the key, applicable when EC or ED is the selected key algorithm. The curve values you can choose from depend on which algorithm you are configuring.
Parameters
Validity - The number of days this key is valid.
Common name (CN) - The name you wish to assign this key. This is typically either:
-
The name, username or email address of a user (e.g. jsmith@yoursecureftp.com) if the client application (e.g. a browser or file transfer client) is controlled by that end user or
-
A hostname if the client application is controlled by a machine
Subject Name Alternative or Subject Alternative Name (SAN) - Same as the CN.
Organizational unit - The unit within the users organization that this key will be used for e.g. IT.
Organization - The users organization name.
Locality - The users city.
State/Province - The users state or province.
Country - The users 2 character country code e.g. US.
Step 2
Export private key. Exported file may be imported by FTPS and SFTP clients for optional use in client authentication.
Key filename - The file you wish to export the private key to.
Password - The password used to protect private key. Leave blank for no password.
Format - The format in which you wish to export private key.