Authenticating FTPS Certificate

The MFT FTP/FTPS service supports certificate authentication.

Prerequisites

FTPS certificate authentication works when the Client Platform Server is using FTP explicit or implicit mode. Refer to the FTP client documentation to see how to enable FTP explicit or implicit mode.

Procedure

  1. Configure the FTP Service to support certificate authentication.
    1. Navigate to Administration > System Configuration.
    2. Open the Global FTP Settings box.
    3. Set the FTP Client Authentication Method to one of the following options:
      • Certificate Only: FTP clients must use certificate authentication.
      • Certificate or Password: FTP clients can use password or certificate authentication.
      • Certificate and Password: FTP clients must use password and certificate authentication.

      Setting one of these three options prompts the Platform Server service to request a certificate from the client.

  2. Restart the FTP service on each Internet Server where the FTP service is enabled.
    1. Navigate to Administration > Transfer Servers > FTP Server > FTP Server Status.
    2. Open the box for the FTP Server Host to restart.
      • Click Stop Server to stop the service.
      • Click Start Server to start the service.


  3. Log on to the Internet Server or Command Center Admin console.
    1. Navigate to Administration > Protocol Keys > Add Public Key.
    2. Set the Public Key Type to FTP Public Key.
    3. Set "Apply Key to" to User.
    4. Select the user to associate with the certificate.
    5. Set Status to Enabled.
    6. Set Description to a unique descriptive value.
    7. Copy and paste the certificate into the "Enter the X.509 Certificate in the box below" input field.
      The FTP client has the public key that needs to be entered into this input field.
    8. Click Continue.
      The Add Public Key confirmation page is displayed.
    9. Review the information and click Continue.
      The key is added to the server and associated with the defined user.
  4. Navigate to Users > Manage Users and select the user that requires certificate authentication.
    1. Set FTP Client Authentication Method to Certificate Only.
    2. Click Update to save the changes.


Result

When an FTP client uses implicit or explicit SSL/TLS mode to connect to Internet Server, Internet Server requests a certificate from the FTP client. It verifies the certificate against the FTP certificates added in prior steps. If a match is found, the logon request is successful. If a match is not found, the logon request fails.
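
A pre-flight check for the certificate pasted in step 3, as an added example that is not part of the product documentation. It assumes the OpenSSL command-line tool is installed on the client machine; prepare_ftps_cert and the file names are hypothetical. It refuses files that carry a private key, accepts PEM or DER input, and prints the SHA-256 fingerprint alongside the PEM text so the registered certificate can be compared with the one the FTP client presents.

```sh
#!/bin/sh
# Added example. Usage (hypothetical file names):
#   prepare_ftps_cert client.crt > paste-me.pem

prepare_ftps_cert() {
    cert_file=$1
    [ -r "$cert_file" ] || { echo "cannot read $cert_file" >&2; return 1; }

    # Only the public certificate is registered on the server.
    # Refuse any file that also carries key material.
    if grep -q 'PRIVATE KEY' "$cert_file"; then
        echo "refusing: $cert_file contains a private key" >&2
        return 2
    fi

    # Accept PEM text or binary DER input.
    if grep -q 'BEGIN CERTIFICATE' "$cert_file"; then form=PEM; else form=DER; fi

    # The file must parse as an X.509 certificate.
    if ! openssl x509 -in "$cert_file" -inform "$form" -noout 2>/dev/null; then
        echo "not an X.509 certificate: $cert_file" >&2
        return 3
    fi

    # Added check: flag a certificate that has already expired
    # (the page does not state how the server treats expiry).
    if ! openssl x509 -in "$cert_file" -inform "$form" -noout -checkend 0 >/dev/null; then
        echo "certificate has expired: $cert_file" >&2
        return 4
    fi

    # Summary on stderr: subject and fingerprint are useful for the
    # Description field and for comparing with the client's certificate.
    openssl x509 -in "$cert_file" -inform "$form" -noout \
        -subject -enddate -fingerprint -sha256 >&2

    # PEM text on stdout, ready to paste into the input field.
    openssl x509 -in "$cert_file" -inform "$form" -outform PEM
}
```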