Enabling FTPS and HTTPS (SSL) at the Site Level

EFT Server has robust SSL configurations. SSL must first be enabled at the Site and Server level; then can be enabled per User Settings Level and per user.

If you require certificates from connecting clients before they can connect, then their certificate must be in the Trusted Certificates Database or signed by a certificate in the Trusted Certificate Database.

To enable SSL

1. In EFT Administrator, connect to EFT Server and click the Server tab.

2. In the left pane, select the Site you want to configure.

3. In the right pane, select the Connection Options tab.

4. To allow both standard FTP connections and SSL connections, select the Enable FTP access on port check box, and specify the port number. Clear the Enable FTP access on port check box to allow only SSL connections to the Site. If you clear Enable FTP access on port, you must enable one or more of the other connection options or no connections will be allowed to the Site.

5. To allow/disable SSL connections over HTTPS, select/clear the Allow HTTPS transfers on port check box and specify the port number. (The default is 443.) (To enable AS2 over HTTPS, refer to Enabling the AS2 Inbound Listener Service.)

6. To allow/disable FTPS (SSL), select/clear the Allow implicit FTPS (SSL) on port check box and specify the port number. If the implicit Allow implicit FTPS (SSL) on port check box is selected, you can change the implicit SSL port. The default port is 990, which is normally used by FTP clients that support implicit SSL.

7. To allow/disable FTPS (SSL/TLS), select/clear the Allow explicit FTPS (SSL/TLS) on default FTP port check box and specify the port number.

8. In the SSL Certificate Options area, specify the Certificate file path and Private Key file path. If you used the Create SSL Certificate Wizard and selected Set up Server to use the generated certificate check box, the Certificate and Private Key file paths will already be completed. Otherwise, choose the files using the associated open icon.

9. Specify the Private Key Passphrase. This is the passphrase that was used when the certificate was created. An incorrect passphrase generates errors when you select Apply.

10. Click Require certificates from connecting clients.

• If Require certificates from connecting clients is not selected, clients that support SSL can connect to EFT Server without supplying a certificate.

• If Require certificates from connecting clients is selected, FTP clients requesting an SSL connection must present a certificate before EFT Server will allow them to connect. The client certificate must be in the Trusted Certificates database or signed by a certificate in the Trusted Certificates database. If the client has a certificate that does not meet those conditions, the connection is denied. However, its certificate is placed in the Pending Certificates database, where it can later be added to the Trusted Certificate Database. If the client does not present a certificate, the connection is denied.

11. Click Apply to save the changes to EFT Server.