SIGNIFLOW

Discover our signature platform: sign and request signature for your PDFs in a fex clicks!

JOIN OUR AFFILIATE NETWORK

Join our affiliate network
and become a local SSL expert
Learn more about our program

PRODUCTS TO DISCOVER

SSL certificates Invoice signature eIDAS certificates Signature software

Menu
picture of tbs certificates
picture of tbs certificates
Certificates
ALL CERTIFICATES
SSL Extended Validation SSL Standard RGS certificates eIDAS certificates SSL ECC SSL wildcard SSL Multiple sites / SAN Quick and Dirty SSL
Specific certificates VMC certificates
E-signature Strong authentication S/MIME certificates
Test certificates PKI Solutions Trust Seals
SigniFlow: the platform to sign and request signature for your documents
Signature software
Our products range
TBS X509 DigiCert Thawte Sectigo GlobalSign GeoTrust Certigna ChamberSign SigniFlow Harica
Partners
Client login Customer accounts Open an account
Support
FAQ SHA256: Browsers' compatibility ECC: Browsers' compatibility
Focus
Invoices dematerialization
We now provide solutions compliant with RGS** and eIDAS qualified standards for invoices signature and time stamping. Further information


Install a certificate for Axway CFT

Those instructions are suitable for Axway CFT servers. Here is the procedure to obtain a SSL server certificate for CFT (server authentication serveur only or mutual):

  1. Generate a private key and a CSR with OpenSSL
  2. Obtain a certificate with TBS INTERNET
  3. Convert the elements in DER binary files
  4. Import the elements in the TransferCFT PKIbase
  5. Configure SSL in TransferCRT
You received your certificate by email with one or several intermediate certificates and a root certificate. Keep this email within reach.

1a- Retrieve the certificates

Go back where the private key has been generated.

In the delivery email you'll find several links. Click on them and download the associated files:
  • A: your server certificate
  • B: each elements of the certification chain

1b- Convert the certificates

CFT wants the certificates to be in DER binary format. It requires a conversion. For each .crt or .cer files, follow the instructions: 
openssl x509 -in FIC.crt -outform DER -out FIC.der

1c- Convert the private key

CFT CFT wants the private key to be in DER binary format. It requires a conversion. 
openssl rsa -in FIC.key -outform DER -out FIC.key.der

2- Import the elements in the TransferCFT PKI base

Here is the CFT configuration part needed to be able to use the certificate. It would be better to check with a CFT specialist the exact procedure. Initialize the PKI base with: 
PKIUTIL pkifile fname=$CFTPKU, mode=create
If the file already exists, the command will fail.

Then import each certificate with the command 
PKIUTIL pkicer
Consult the documentation of the product to enter the exact parameters for each certificate, especially the parameteritype that take the value ROOT, INTER or USER.

Make sure all the elements are here with the command 
PKIUTIL listpki

3- Configure SSL in TransferCFT

The configuration is used to
  • Define the protocol with the key word cftprot, line ssl=
  • Define the server SSL profile with the key word cftssl
  • Activate the SSL server in TransferCRT by adding in the parameter (cftparam) the protocol defined 2 lines in the key word prot
  • Define the SSL client profile with the key wordcftssl
  • Activate the SSL client by calling the SSL client profile created here above in a partner profile with cftpart, line ssl=
Consult the product documentation to enter the exact parameters.