How to: use a CA-issued certificate (the long way)

Syncplify.me Server! version: 4.0.0+

If you already own an X.509 (SSL/TLS) digital certificate in PFX format, you know how simple it is to import it into your Syncplify.me Server! and use it.

But many of our customers asked for a tutorial on the longer procedure of requesting a digital certificate to a certification authority (CA) via a certificate signing request (CSR). So here’s the fully documented procedure for you.

First of all you have to generate the CSR, and to do that you will simply go to the Security->FTP(E/S) menu and select the option in the picture below from the certificate drop-down menu: Continue reading

HTTPS “connection not private/secure” – what it is?

Syncplify.me Server! version: 4.0.0+

After installing Syncplify.me Server! v4.0 you will be able to manage it securely via web interface over HTTPS.

Now, a very common choice is to use a self-signed certificate, because it saves money and if you know what you’re doing it doesn’t compromise security. This is, in fact, the most common choice among our users (according to our surveys).

But if you use a self-signed certificate, your browser will warn you that your connection may not be private or secure. That’s because self-signed certificates are often used for man-in-the-middle (MitM) attacks. But this is not the case, of course, if you can verify that this particular self-signed certificate was created by you and for you.

To get rid of this annoying message, you basically have 2 options:

  1. Spend some money to buy a trusted X.509 (SSL/TLS) certificate from a Certification Authority like DigiCert, Comodo, Thawte, and the like. It goes without saying that this is the recommended choice, as it takes advantage of the inherent trust chain provided by the Certification Authority.
  2. Verify and accept the self-signed certificate you have just created and add it to the trusted keychain of your browser. In this case you are advised to always verify the certificate’s fingerprint to make sure it’s really the one you created yourself, and that you’re not a victim of a Man-in-the-Middle (MitM) attack.

Continue reading

Maintenance release: Syncplify.me Server! v3.1.21.61

We have just released version 3.1.21.61 of our Syncplify.me Server!

This new maintenance release fixes a bug in the Configuration Manager that prevented the hash code of some CA-issued certifricates (especially wildcard ones) from being calculated. This was just a visualization bug, all certificates were still working correctly in the SFTP/FTP(S) server, but if you use a CA-issued wildcard certificate you might want to install this update.

As usual you can download the latest version from our web site. Thank you!

FTPS Server Certificate: best practices

Upon installation, Syncplify.me Server! auto-generates a self-signed X.509 (SSL/TLS) Server Certificate to be used for implicit and explicit FTP (aka FTPS and FTPES). However, such certificate carries the name of “Syncplify” in the organization field, and the common name (CN) field is only suitable for localhost (127.0.0.1). Therefore you may want to generate your own certificate, or buy one from a trusted Certification Authority (CA).

If a self-signed certificate is enough for you (and for all clients that will connect to your server), then you can simply use Syncplify.me Server!’s internal certificate generator as follows. Simply click the “gear” button on the FTP(S) tab of the Configuration manager. Continue reading

SSH Server Key ≠ FTPS (SSL/TLS) Server Certificate

From time to time our users ask how to use their X.509 (SSL/TLS) certificate for SFTP.

The one-line answer is: it’s not possible. But let’s dig into the topic and explain why, and above all how to implement server certificate and keys correctly.

First of all it is important to identify which protocol we intend to use, and what are its peculiarities: Continue reading

Syncplify.me Server! v2.0.7.27 hot-fix 1

If you have downloaded and installed Syncplify.me Server! v2.0.7.27 in the past 6 days, and are experiencing problems with the X.509 certificate on your FTPS (or FTPES) connections, please download v2.0.7.27-hotfix-1 from our web site, and update your instance.

This is a pure hot-fix release, nothing else has been changed, no improvements were made, and no features were altered. Therefore, if you are not experiencing any trouble, you won’t need this update. Thank you.