bg-tutorials

How to Install an SSL Certificate on Cerberus FTP Server

This guide shows you how to install an SSL/TLS certificate on Cerberus FTP Server on Windows. The certificate secures your FTPS and HTTPS connections so file transfers are encrypted.

Generate a CSR code on Cerberus FTP Server

If you have already generated your CSR and received the signed certificate from your Certificate Authority (CA), skip to the installation steps.

CSR stands for Certificate Signing Request, a block of encoded text that contains your contact and domain details. The Certificate Authority uses this information to validate your request and issue the certificate. You have two options:

Open the CSR file with any text editor and copy its contents into the order form on your SSL vendor’s page. Keep the matching private key safe: you will need it during installation.

Install an SSL certificate on Cerberus FTP Server

After the CA validates your request, it emails your signed certificate. Download the archive and extract the files on the Windows machine that runs Cerberus FTP Server. Depending on the CA, you will have a PEM-formatted certificate file plus either a separate intermediate certificate or a CA bundle that contains the root and intermediate certificates. If you ordered the certificate elsewhere and exported it from the Windows certificate store, you may instead have a single .pfx (PKCS#12) file that holds the certificate, private key, and chain together.

Step 1: Open the Security settings

  • In Cerberus FTP Server, open Server Manager (from the main menu, select Configuration > Server Manager).
  • From the left menu, select the Security tab.
  • Check Enable SSL/TLS. Cerberus will not let you enable it until a valid certificate and private key are loaded, so complete the next step first if the box is greyed out.

Step 2: Load your certificate and key under Server Key Pair

Scroll to the Server Key Pair section and fill in the file paths using the folder (browse) button at the end of each field:

  • Certificate Path: browse to your SSL certificate file (the one issued by the CA).
  • Private Key Path: browse to the private key you created together with your CSR. If your certificate and key are combined in one .pfx file, select that same file here.
  • CA Certificate Path: browse to your CA bundle (the file with the root and intermediate certificates). You can leave this empty if your certificate already contains the full chain.
  • Needs Key Password: check this box only if your private key or .pfx file is encrypted.
  • Password: if the key or .pfx is encrypted, enter the password used to protect it. This is the same password you set when you created the key or exported the .pfx.

Working from a .pfx file? A PKCS#12 file bundles the certificate, private key, and chain in one file. Point both Certificate Path and Private Key Path at that single .pfx, check Needs Key Password, and enter the export password.

Step 3: Verify and apply

  • Click Verify. Cerberus checks that it can read the certificate and private key with the password provided. If there are no errors, the key pair is valid.
  • Click OK (or Apply) in Server Manager to save the settings and load the new key pair.
  • If Cerberus prompts you to restart the service for the change to take effect, restart it.

Once SSL/TLS is enabled, Cerberus uses the certificate for its FTPS and HTTPS listeners. Current releases support TLS 1.2 and TLS 1.3. For the strongest security, enable TLS 1.3 and disable the legacy TLS 1.0 and TLS 1.1 protocols in the same Security settings.

Handle FIPS mode (if enabled)

If you run Cerberus in FIPS 140-2 mode and the update fails, use this workaround:

  1. Turn FIPS mode off temporarily.
  2. Restart the Cerberus service.
  3. Load the certificate and complete the update.
  4. Re-enable FIPS mode and restart the service again.

Your Cerberus FTP Server now presents the new certificate to connecting clients.

Test your SSL installation

After installation, check the certificate to confirm it is served correctly and the chain is complete. Connect to your server with an FTPS client and confirm the connection is encrypted, then use our SSL Checker to inspect the certificate and its configuration. Because Cerberus serves FTPS (and HTTPS for its web client) rather than a standard public website, point any host-based checker at the correct port for your FTPS or HTTPS listener.

Frequently Asked Questions

Where do I install the SSL certificate in Cerberus FTP Server?

In Server Manager, on the Security tab, under the Server Key Pair section. Set the Certificate Path, Private Key Path, and CA Certificate Path, then verify and save.

Can I use a .pfx (PKCS#12) file with Cerberus FTP Server?

Yes. A .pfx file holds the certificate, private key, and chain in one file. Point both the Certificate Path and Private Key Path at the same .pfx file, check Needs Key Password, and enter the export password. You can create a .pfx by exporting a certificate from the Windows certificate store with its private key and intermediates included.

How do I apply the certificate in Cerberus FTP Server?

Verify checks that Cerberus can read the certificate and private key at the paths you entered, using the password if one is set. Then click OK (or Apply) in Server Manager to save the configuration and load the key pair into the FTPS and HTTPS listeners. Restart the service if Cerberus prompts you.

Why can’t I check the Enable SSL/TLS box?

Cerberus will not enable SSL/TLS until a valid certificate and private key are loaded. Fill in the Server Key Pair fields and click Verify first. Once the key pair loads without errors, you can enable SSL/TLS.

Does Cerberus FTP Server support TLS 1.3?

Yes. Current releases support both TLS 1.2 and TLS 1.3. Enable TLS 1.3 and disable the older TLS 1.0 and TLS 1.1 protocols on the Security tab for the strongest configuration.

Save 10% on SSL Certificates when ordering from SSL Dragon today!

Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10

A detailed image of a dragon in flight
Written by

I've been writing for SSL Dragon for over 10 years, focusing entirely on SSL certificates and digital security. My job is to take complex cybersecurity topics and strip away the jargon, making sure you get the clear, practical information you need to keep your website safe.