Enabling SSL on the Site
Specify SSL versions and ciphers before enabling SSL connections. SSL must first be enabled on EFT and Site, then can be enabled in the Settings Template and user.
You can inherit the TLS settings from the server, or specify different settings on the site.
See also Enabling SSL on the Server and TLS 1.3 Support.
If you require certificates from connecting clients before they can connect, then their certificate must be in the Trusted Certificates Database or signed by a certificate in the Trusted Certificate Database.
If you are using SSL authentication for accounts that need to send AS2 transfers, leave it at the default password authentication, not certificate authentication.
EFT does not support SSL Certificate Private Keys without passphrases.
To enable SSL and assign the certificate
-
In the administration interface, connect to EFT and click the Server tab.
-
Click the Site you want to configure.
-
In the right pane, select the Connections tab, then select the applicable protocol check boxes (FTPS, HTTPS, and/or AS2).
-
In the SSL certificate settings area, click Configure. The SSL Certificate Settings dialog box appears.
-
Do one of the following:
-
To create a certificate, click Create and follow the prompts in the wizard. (Refer to Creating Certificates for details, if necessary.)
-
To use an existing certificate:
-
In the Certificate box, type the path to the .crt file or click the folder icon to find and select it.
-
In the Private key box, type the path to the .key file or click the folder icon to find and select it.
-
In the Certificate passphrase and Confirm passphrase boxes, type and confirm the passphrase for the certificate pair.
-
Select the Require SSL certificates from connected clients check box, if you want connecting clients to use an SSL certificate.
-
Click OK to close the dialog box.
-
Click Apply to save the changes to EFT.
TLS Settings on the Site
On a Site's Connections tab, you can configure TLS settings specifically for that Site, or choose to inherit the settings from the server, which is the default.
To specify TLS settings on the Site
-
In the administration interface, connect to EFT and click the Server tab.
-
Click the Site you want to configure.
-
In the right pane, select the Connections tab, then select the applicable protocol check boxes (FTPS, HTTPS, and/or AS2).
-
Next to SSL security settings, click Configure. The TLS Certificate Settings dialog box appears.
-
The Inherit from server settings check box is selected by default. If you need to specify different settings for this Site, clear the check box, then select or clear the Minimum Protocol Version to use, the Allowed ciphers, and the Resulting ciphers.
Refer to TLS 1.3 Supportand Enabling SSL on the Server for more information on specifying these settings.