Trusted Certificates
With the
option, you can add and manage trusted certificates. Trusted certificates are a more flexible way to define X.509 certificates for both SFTP (SSH) and FTPS transfers. Typically, CA (Certificate Authority) certificates are added as trusted certificates to TIBCO MFT Internet Server. When certificate authentication is enabled for your SSH server through the option and an SSL negotiation is performed, any certificate signed by the trusted certificate is accepted. The distinguished name of the certificate is then matched against the certificate distinguished name defined in the user definition to associate the certificate with a user.
For incoming processing, if a certificate is assigned to a user or server, the trusted certificate is not checked. In addition, TIBCO MFT Internet Server checks the following items:
If no certificate is assigned to a user or server, the trusted certificates are used for validation, and the following tasks are performed:
- Verify the certificate is signed by one of the trusted certificates in the TIBCO MFT Command Center database.
- Check the CRL if the certificate CRL processing is enabled.
- Validate the distinguished name extracted from the certificate against the certificate distinguished name field defined in the user definition.
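Because any certificate signed by a trusted CA is accepted, the distinguished name match in the last step is what binds a certificate to one user. The following added example (not TIBCO code) shows one way to check that the DN typed into a user definition really equals a certificate's subject DN. It assumes RFC 4514 string form and case-insensitive, whitespace-collapsed values; the product's own comparison rules are not stated on this page, and all function names and sample DNs are constructed for illustration.

```python
import re

def _split(s, sep):
    """Split s on unescaped sep characters (backslash escapes per RFC 4514)."""
    parts, buf, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            buf.append(s[i:i + 2])      # keep the escape pair intact
            i += 2
        elif s[i] == sep:
            parts.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(s[i])
            i += 1
    parts.append("".join(buf))
    return parts

def _unescape(v):
    # One pass: "\2C" style hex pairs (ASCII only here) and "\," style escapes.
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)",
                  lambda m: chr(int(m.group(1), 16)) if len(m.group(1)) == 2
                  else m.group(1), v)

def parse_dn(dn):
    """Return a DN as a tuple of RDNs; each RDN is a frozenset of (TYPE, value)."""
    rdns = []
    for rdn in _split(dn, ","):
        avas = set()
        for ava in _split(rdn, "+"):    # "+" joins a multi-valued RDN
            attr, eq, raw = ava.partition("=")
            if not eq or not attr.strip():
                raise ValueError(f"malformed RDN component: {ava!r}")
            value = " ".join(_unescape(raw).split()).casefold()
            avas.add((attr.strip().upper(), value))
        rdns.append(frozenset(avas))
    return tuple(rdns)

def dn_matches(cert_dn, configured_dn):
    """Exact, order-sensitive, RDN-by-RDN comparison; never a substring test."""
    try:
        return parse_dn(cert_dn) == parse_dn(configured_dn)
    except ValueError:
        return False                    # fail closed on malformed input

if __name__ == "__main__":
    # Constructed sample DNs: a look-alike CN must not match the configured user DN.
    print(dn_matches("CN=alice-admin,O=Example Corp,C=US", "CN=alice,O=Example Corp,C=US"))
```

A DN copied from a tool that prints the subject in the opposite RDN order does not match here, so copy the DN in the same order the certificate presents it.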