To generate a client key, navigate to your desired Keys module (See Key management overview). Note: The image below depicts using the key manager at the global level. The same steps apply when you access the key manager at the domain level via the SECURITY > Keys module.
Figure 195
Step 1
Select the Client Keys tab and click on the Generate button. The Generate Client Key dialog is displayed.
General
Key alias - Alias you wish to assign to the key.
Key algorithm - The algorithm used in generating this key. Valid options are RSA and DSA.
Key length - The length of the key in bytes. Valid options are 1024, 2048, and 4096.
Figure 66
Parameters
Validity - The number of days this key is valid.
Common name (CN) - The name you wish to assign this key. This is typically either:
| o | the name, username or email address of a user (e.g. jsmith@yoursecureftp.com) if the client application (e.g. a browser or file transfer client) is controlled by that end user or |
| o | a hostname if the client application is controlled by a machine |
Subject Name Alternative or Subject Alternative Name (SAN) - Same as the CN
Organizational unit - The unit within the users organization that this key will be used for e.g. IT.
Organization - The users organization name.
Locality - The users city.
State/Province - The users state or province.
Country - The users 2 character country code e.g. US.
Step 2
Export private key. Exported file may be imported by FTPS and SFTP clients for optional use in client authentication.
Figure 68
Key filename - The file you wish to export the private key to.
Password - The password used to protect private key. Leave blank for no password.
Format - The format in which you wish to export private key.