SSL Certificates for FTPS and HTTPS |
Top Previous Next |
The installation program for Robo-FTP Server automatically creates a self-signed SSL Certificate that can be used to secure inbound FTPS, FTPS implicit and HTTPS connections.
What is an SSL Certificate? An SSL certificate is used to secure the connection between client and server. The certificate itself is a file that combines a public encryption key with identifying information about the owner of that key. The file is digitally signed by an entity that certifies the identity of the owner. Security-conscious clients trust servers that are protected with an SSL certificate because they offer three important benefits: 1. Data sent between the client and server is encrypted so it can't be read or modified by anyone else. 2. The SSL certificate guarantees that the client is connecting to the same site every time. 3. It guarantees that the server actually belongs to the organization that it claims.
The Robo-FTP Server Console program is able to generate a "self-signed certificate" which provides the first two benefits but not the third. Robo-FTP Server can also use a certificate signed by a Certificate Authority that offers all three benefits. Robo-FTP Server requires that an SSL certificate be selected before it allows incoming FTPS explicit, FTPS implicit or HTTPS connections. The grid on the bottom of the SSL Options tab (shown below) allows you to specify which SSL certificate to use.
Self Signed Certificates Self signed certificates are free and easy to configure. A certificate of this type is automatically generated when Robo-FTP Server is installed and additional certificates of this type may be created and installed using the SSL Options tab in the Server Console. A self-signed certificate offers the same SSL / TLS encryption possible with the other types of certificates but it does not have the signature of a 3rd-party Certificate Authority organization.
Click the "Create" button on the SSL Options tab to display the Create Certificate form (shown below) then fill out the form and click the "Create Self Signed" button to generate a self-signed certificate.
Certificate Signing Requests The Create Certificate form may also be used to generate a Certificate Signing Request (CSR.) When you click the "Create Signing Request" button (see image above) the Server Console generates an unsigned public certificate and a matching private key. Your new CSR is displayed as a row without an expiration date in the grid at the bottom of the SSL Options tab.
Before you can use this type of certificate, the CSR must be exported and sent to a trusted Certificate Authority. That organization will verify your identity and return a signed copy of the certificate to you. When you have the signed certificate, import it by clicking the "Import Signed Cert" button or by right-clicking the CSR row in the grid and choosing "Import Signed Certificate" from the pop-up context menu.
External Certificates Robo-FTP Server is also able to use SSL certificates that were generated and signed outside the Server Console program. For example, you could re-use an SSL certificate originally created for a web site in the same domain.
To import an external certificate you must have three things: the public certificate, the private key and the password. If you have all of these items, click the "Import" button on the SSL Options tab to display the Import Certificate form (see below.)
Note: If you only have a single file with a .p12 or .pfx extension it may be a PKCS #12 container file. That type of file may hold both a public certificate and its matching private key. To import a PKCS #12 file containing both, enter the file name in the Certificate File field and leave the Private Key File name field empty.
Intermediate Certificates Most client programs automatically trust certificates signed by well known Certificate Authorities but others require a certificate chain of trust. Build the chain of trust by right-clicking the certificate's row in the grid and choosing "Add Intermediate Certificate" from the pop-up context menu. When prompted, import the public certificate of the Certificate Authority organization that signed your certificate. If necessary, additional certificates may be added to the chain in the same manner.
|