Connecting to Secure Socket Layer (SSL and TLS) Sites

You can use CuteFTP to connect to FTPS and HTTPS Sites. (Refer to SSL/TLS Connections (FTPS/HTTPS) for more information about SSL.)

To connect to an FTP Site over SSL (FTPS)

  1. Do one of the following:

    • On the main menu, click File > New > FTPS (SSL) Site.

    • On the toolbar, click the down arrow next to the New Site icon , then click FTPS (SSL) Site.

    • In the Site Manager, right-click, then click New > FTPS (SSL) Site.

    The Site Properties dialog box appears.

  2. Type a name for the Site in the Label field.

  3. Type in the Host address, Username, and Password.

  4. Click the Type tab.

  5. In the Protocol list, choose the type of SSL connection mechanism supported by your server or use the default type selected.

  6. Click Connect to connect to the Site now, or click OK to connect later.

To connect to an existing Site over SSL

  • Click the Site in the Site Manager, then clickConnect.

To connect to an HTTPS Site

  1. HTTPS Sites use SSL to secure HTTP connections. Do one of the following:

    • On the main menu, click File, New, then click HTTPS (SSL) Site.

    • On the toolbar, click the arrow next to the New Site icon , then click HTTPS (SSL) Site.

    The Site Properties for dialog box appears.

  2. Type a name for the Site in the Label field.

  3. Type the Site’s address in the Host address field. You do not need to prefix the Site address with https://.

  4. Type your user name in the Username field provided by your administrator.

  5. Type your password in the Password field.

  6. Click Connect.

  7. When you connect for the first time, the Accept Certificate dialog box appears.

  8. Click Accept if you trust the certificate. Rejecting a certificate will abort the connection.

Configuration Notes

  • HTTPS Sites rely on the use of certificates to verify that you are in fact communicating with the desired HTTPS server and to establish the secure connection.

  • Accepting a certificate stores the certificate on your computer so you do not have to verify it again the next time you connect to the Site.

  • If a Site’s certificate appears unusual, has not been signed by a third party (such as VeriSign, or Thawte), or does not match the operator’s name, you should reject the request.

  • Once the connection is established, a small lock icon displays on the Status Bar. Double-clicking the icon in the Status Bar displays the server's certificate.

  • The lock icon represents the type of connection established, but does not guarantee a secured connection. Even though you are connected to an https Site, you could be linked to an unsecured directory, at which time the session is no longer https, but http instead. Check the log if you are unsure of the security of your connection.

To speed up transfers with an SSL Site

Using a clear data channel speeds up transfers with SSL Sites. A clear data channel encrypts the connection process, but files are transferred without encryption.

  1. Click the Site in the Site Manager.

  2. On the main menu, click File, then click Properties. The Site Properties dialog box appears.

  3. Click the Type tab.

  4. Select the Clear Data Channel check box.

  5. Not all servers support or allow the PROT C (Clear Data Channel) command argument sequence.

To encrypt the data transfer and not the command connection

Using a Clear Command Channel, you can keep your data transfers encrypted and still avoid firewall issues.

  1. Click the Site in the Site Manager.

  2. On the main menu, click File, then click Properties. The Site Properties dialog box appears.

  3. Click the Type tab.

  4. Select the Clear Command Channel check box.

  5. Not all servers support or allow the CCC (Clear Command Channel) command argument.

To configure other SSL settings

  1. On the main menu, click Tools, then clickGlobal Options.

  2. Expand the Securitynode.

  3. Select SSL Security.

CuteFTP supports keyboard interactive authentication. This authentication method involves connecting to servers with a challenge/response type of password-based authentication, and requires a one-time-use password typically generated by hardware-based or, less commonly, software-based password generators.

Related Topics

Choosing a Certificate for SSL/TLS Sessions

Accepting Server SSL/TLS Certificates

Importing or Removing Certificates from the Trusted List

SSL Security Settings

Handling SSL Certificates

Unable to Connect to Titan FTP Server when Using SSL

Troubleshooting SSL Connections