FTPS Server Certificate: best practices

Upon installation, Syncplify.me Server! auto-generates a self-signed X.509 (SSL/TLS) Server Certificate to be used for implicit and explicit FTP (aka FTPS and FTPES). However, such certificate carries the name of “Syncplify” in the organization field, and the common name (CN) field is only suitable for localhost (127.0.0.1). Therefore you may want to generate your own certificate, or buy one from a trusted Certification Authority (CA).

If a self-signed certificate is enough for you (and for all clients that will connect to your server), then you can simply use Syncplify.me Server!’s internal certificate generator as follows. Simply click the “gear” button on the FTP(S) tab of the Configuration manager.

gen1

The following certificate generation window pops up. Fill in at least the required fields (the ones in bold font) and click the “Generate” button. It is ideal to set the Common Name (CN) field to the same host name you have configured in your DNS for this particular server, so that the certificate will be considered “valid” when the client checks it.

gen2

Instead, if you do need the level of trust provided by a signed certificate (with a trusted CA’s digital signature) then you can follow the procedure here below. First step is to create a CSR, or certificate request, using the Certification Authority’s CSR generator. As an alternative you may also use csrgenerator.com as shown below.

generator

Once the CSR is generated, just copy and paste it into your Certification Authority’s web site and follow their instructions, make the payment and wait. Once the certificate is ready, make sure you retrieve it in PEM or PFX format, with PFX format being the preferred one.

Once you have the certificate file in PFX format, click the “…” button next to the X.509 Certificate field in the Configuration Manager, as shown below, to import it into your Syncplify.me Server!

import1

Select the proper file format, then locate the certificate file on your disk, and click Open as shown in the image here below.

import2

The Configuration Manager will check the validity of the certificate file, and – if it’s valid – it will be imported and your Syncplify.me Server! will use it from that moment on for all implicit and explicit FTP(E)S communications protected by SSL/TLS encryption.

Print Friendly, PDF & Email
Bookmark the permalink.

Comments are closed