Configuration details
To secure File Transfer Protocol (FTP) with Secure Sockets Layer (SSL), you need to configure the systems that use FTP. This includes working with the certificate authority (CA) and enabling SSL.
In this scenario, both MyCo and TheirCo need to complete a series of tasks to secure their FTP sessions with SSL.
- Creating and operating a local certificate authority on the MyCo system
This scenario assumes that MyCo has not used Digital Certificate Manager (DCM) previously to set up certificates for its system. Based on the objectives for this scenario, MyCo has chosen to create and operate a local certificate authority (CA) to issue a certificate to the File Transfer Protocol (FTP) server.
- Enabling Secure Sockets Layer for MyCo's FTP server
Now that the File Transfer Protocol (FTP) server has a certificate assigned to it, MyCo needs to configure the FTP server to use Secure Sockets Layer (SSL).
- Exporting a copy of MyCo's local certificate authority certificate to a file
To enable secure FTP connection between the two systems, MyCo must provide TheirCo with a copy of the local certificate authority (CA) certificate. TheirCo's client application must be configured to trust the CA certificate before it can participate in a Secure Sockets Layer (SSL) session.
- Creating an *SYSTEM certificate store on TheirCo's system
To participate in a Secure Sockets Layer (SSL) session, TheirCo's File Transfer Protocol (FTP) client must be able to recognize and accept the certificate that MyCo's FTP server presents. To authenticate the certificate, TheirCo's FTP client must have a copy of the certificate authority (CA) certificate in the *SYSTEM certificate store.
- Importing MyCo's local CA certificate into TheirCo's *SYSTEM certificate store
TheirCo's *SYSTEM certificate store contains a copy of most public certificate authority (CA) certificates. However, because MyCo's File Transfer Protocol (FTP) server uses a certificate from a local CA, TheirCo's FTP client must obtain a copy of the local CA certificate and import it into the *SYSTEM certificate store.
- Specifying MyCo's local CA as a trusted CA for TheirCo's FTP client
Before TheirCo can use the File Transfer Protocol (FTP) client to make secure connections to the MyCo FTP server, TheirCo must use Digital Certificate Manager (DCM) to specify which certificate authorities (CA) the client should trust. This means that TheirCo must specify that the local CA certificate that was imported previously is to be trusted.