How to generate a certificate for Trusted File

To generate certificates, for example using the XCA utility (X Certificate and Key management), perform the following steps.

  1. Create a New database.
    • Enter a password to protect the database that contains your certificate.

    Certificate and key management screen shot

  2. Select the Certificates tab.
    • Select: New Certificate
  3. Select the Source tab.
    • In the Signature algorithm field, select MD5.
  4. Select the Subject tab.
    • Complete the fields for your certificate.
    • Click Generate a new key.
      • Enter a key name
      • Select 1024 bit as the key size
      • Select Keytype
      • Click Create
  5. In the Extensions tab:
    • In "Type": select End Entity
    • Select "Subject Key Identifier"
    • Select the expiry date of your certificates
    • Inform: "Subject alternative Name"

    Create certificate screen with selected Extension tab

  6. In the Key Usage tab:
    • In "Key Usage", select :
      • Digital Signature
      • Non Repudiation
      • Key Enciphering
      • Data Enciphering
    • In "Extended Key usage", select:
      • E-mail Protection
  7. Click   OK to generate the certificate.

Export the certificate that has been created.

  1. In Certificates tab, select the certificate you want to export.
  2. Certificate and key management screen with Certificates tab selected

  3. Select Export.
    • In Export Format: choose "PEM" for export PUBLIC CERTIFICATE.
    • Click OK .
    • Select Export.
  4. Select the certificate you want to export (filename).
    • In Export Format: choose "PKCS #12" for export PRIVATE CERTIFICATE
    • Click OK .
  5. Enter a password to protect your private certificates.

Use the CFTTF utility to generate your passphrase

Use the CFTTF utility, to perform the following task.

Enter: CFTTF –pw [XXXX]

Where: XXXX --> is the same password as your private "PKCS #12" certificates (see above steps).


CFTTF –pw Axway

OUTPUT: m8ZWaOMdkj70UzJZD+wv8gSsi1ycSTEJ5c0H6SH6dLE=

Update the entity.xml file

Note the items in red.

<pkiEntity id=" MYuser1_pub">



<location> /Axway/Transfer_CFT/runtime/conf/tf/certs/pub/ XPP_ Sample_User1.pem</location>



<pkiEntity id=" MYuser1_priv">



<location>> /Axway/Transfer_CFT/runtime/conf/tf/certs/priv/ XPP_ Sample_User1.p12</location>

<passPhrase> m8ZWaOMdkj70UzJZD+wv8gSsi1ycSTEJ5c0H6SH6dLE=</passPhrase>



Update your Trusted File encoding/decoding procedures

Related Links