If CompleteFTP is used to generate a CSR so that a certificate can be requested from a certificate authority (CA), then the private key that is generated along with the CSR is stored in the Microsoft PVK format. The SSL certificate is normally supplied by the CA in CRT or CER format, which can usually be imported straight into CompleteFTP along with the PVK file (which is prompted for after loading the certificate file).
If CompleteFTP is not used to generate a CSR, your SSL certificate and its private key might be in other formats. The commonest certificate and private key format is PEM-encoded. Certificates begin with "-----BEGIN CERTIFICATE-----", and private keys begin with "-----BEGIN RSA PRIVATE KEY-----". PEM supports certificates and private keys in the same file.
From version 12.1, CompleteFTP can directly import certificates in PEM format. If the certificate's private key is not included in the PEM file, you will be prompted for it. PEM private key files are also supported from 12.1.
Previous versions of CompleteFTP cannot directly import SSL certificates with PEM-encoded private keys, but it is easy to convert them to a supported format using OpenSSL. The supported format is PFX, also known as PKCS#12 format. Windows binaries of OpenSSL can be obtained here. Normally one of the Win64 "Light" distributions is sufficient if you are running Windows 7 or Windows 8, or another 64 bit Windows OS.
Please note that OpenSSL should be run in a command prompt that is being run with administrator privileges.
Sometimes, your PEM-encoded certificate file will have the certificate authority's certificates embedded in it as well as your SSL certificate. From 9.0.1, all certificates can be imported, but for versions prior to 9.0.1 your certificate will need to be copied to a separate file and installed. Your certificate can usually be identified by the attributes listed above it (especially its common name).To import into PFX format (below), create a file that contains only your certificate (cut and paste inclusive from the "-----BEGIN CERTIFICATE-----" to "-----END CERTIFICATE-----").
Use the following OpenSSL command to convert your certificate and private key into PFX format:
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt
You can then import the PFX file directly into CompleteFTP via the Import a certificate from a file link in the Server Certificate dialogue box.
Sometimes the certificate is already in PFX format, but the private key is PEM-encoded. In this situation,
the private key can be converted to the Microsoft PVK format. When the PFX file is imported without a private
key, the private key in PVK format is then prompted for. Again, OpenSSL can be used:
openssl rsa -inform PEM -in mykey.pem -outform pvk -out mykey.pvk
Some users have found it easier to also convert their PFX certificate to CER format (as well as their private key into PVK format).
The currently installed server certificate can be exported to a file from the Server Certificate dialogue box. It is important to note that the certificate's private key is not included in the exported file unless the format of the file to export to is in the PFX format. This requires the filename that is provided to have the P12 or PFX file extension. If the filename has the extension CER or PEM, the private key is not included.