Enabling FTPS and HTTPS (SSL) at the Site Level

The Server has robust SSL configurations that allow you to configure SSL connections on all Sites, at the Site level, at the User Setting Level, or per user. You can also configure SSL with a combination of these four levels. SSL must first be enabled at the Site and Server level; then can be enabled per User Settings Level and user.

To enable SSL at the site level

1. In the Administrator, connect to the server, then click the Server tab.

2. In the left pane, click the Site you want to configure.

3. In the right pane, click the Connection Options tab.

4. To allow both standard FTP connections and SSL connections, select the Enable FTP access on port check box, and specify the port number. Clear the Enable FTP access on port check box to allow only SSL connections to the Site.

If you clear Enable FTP access, you must enable one or more of the other connection options or no one will be able to connect to the site.

5. To allow SSL connections over HTTPS, select the Allow HTTPS transfers on port check box and specify the port number. (The default is 443.)

6. To allow FTPS (SSL), select the Allow implicit FTPS (SSL) on port check box and specify the port number.

7. To allow FTPS (SSL/TLS), select the Allow explicit FTPS (SSL/TLS) on default FTP port check box and specify the port number.

If the implicit Allow implicit FTPS (SSL) on port check box is selected, you can change the implicit SSL port. The default port is 990, which is normally used by FTP clients that support implicit SSL Secure Sockets Layer, a protocol designed and implemented by Netscape Communications, provides for encryption of a session, authentication of a server, and optionally a client, and message authentication..

8. In the SSL Certificate Options area, specify the Certificate file path and Private Key file path. If you used the Create SSL Certificate Wizard and selected the Set up Server to use the generated certificate check box, then the Certificate and Private Key file paths will already be completed. Otherwise, choose the files using the associated folder icon.

9. Specify the Private Key Passphrase. The passphrase was defined when the certificate was created. An incorrect passphrase generates errors when you select Apply.

10. (Optional) Select the Require certificates from connecting clients check box.

• If this check box is not selected, then clients that support SSL can connect to the Server without supplying a certificate.

• If this check box is selected, then FTP clients requesting an SSL connection must present a certificate before the Server will allow them to connect. The client certificate must be in the Trusted Certificates database or signed by a certificate in the Trusted Certificates database. If the client has a certificate that does not meet those conditions, the connection is denied. However, its certificate is placed in the Pending Certificates database, where it can later be added to the Trusted Certificate Database. If the client does not present a certificate, the connection is denied.

If the Server requires certificates from connected clients, those certificates must also use SHA-1; otherwise, connection is denied.

11. Click Apply to save the changes.