While SSL/TLS security configuration for the FTPS protocol is entirely self-contained, Syncplify.me Server!’s Web/REST service relies on Windows’ HTTP.SYS subsystem, which is the same subsystem IIS is based on, and therefore its security configuration has to be made at the operating system level.
After installing Syncplify.me Server! v4.0 you will be able to manage it securely via web interface over HTTPS.
Now, a very common choice is to use a self-signed certificate, because it saves money and if you know what you’re doing it doesn’t compromise security. This is, in fact, the most common choice among our users (according to our surveys).
But if you use a self-signed certificate, your browser will warn you that your connection may not be private or secure. That’s because the browser cannot tie a self-signed certificate to a Certification Authority it trusts, and self-signed certificates are often used for man-in-the-middle (MitM) attacks. This is not a concern, of course, if you can verify that this particular self-signed certificate was created by you and for you.
To get rid of this annoying message, you basically have two options:
- Spend some money to buy a trusted X.509 (SSL/TLS) certificate from a Certification Authority like DigiCert, Comodo, Thawte, and the like. It goes without saying that this is the recommended choice, as it takes advantage of the inherent trust chain provided by the Certification Authority.
- Verify and accept the self-signed certificate you have just created and add it to the trusted keychain of your browser. In this case you are advised to always verify the certificate’s fingerprint to make sure it’s really the one you created yourself, and that you’re not a victim of a Man-in-the-Middle (MitM) attack.
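The fingerprint check from the second option can be scripted. The following is an added example, not Syncplify code: it assumes a SHA-256 fingerprint recorded when the certificate was created, and the `host`/`port` parameters and function names are hypothetical.

```python
import hashlib
import hmac
import socket
import ssl


def normalize_fingerprint(text: str) -> str:
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex; return 64 lowercase hex chars."""
    cleaned = "".join(ch for ch in text if ch not in ": -\t\n").lower()
    if len(cleaned) != 64 or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("expected a SHA-256 fingerprint (32 bytes of hex)")
    return cleaned


def sha256_fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the certificate's DER encoding, as browsers display it."""
    return hashlib.sha256(der_cert).hexdigest()


def fingerprint_matches(der_cert: bytes, expected: str) -> bool:
    """Constant-time comparison of the presented certificate against the pin."""
    return hmac.compare_digest(sha256_fingerprint(der_cert),
                               normalize_fingerprint(expected))


def fetch_presented_cert(host: str, port: int, timeout: float = 5.0) -> bytes:
    """Return the DER certificate the server presents (no data is sent).

    Chain validation is off only so a self-signed certificate can be read;
    trust is decided solely by fingerprint_matches() afterwards.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def demo() -> tuple:
    # Constructed byte strings standing in for two DER certificates.
    mine = b"constructed: the certificate I generated"
    other = b"constructed: a different certificate presented in transit"
    digest = sha256_fingerprint(mine).upper()
    pin = ":".join(digest[i:i + 2] for i in range(0, 64, 2))  # browser-style
    return fingerprint_matches(mine, pin), fingerprint_matches(other, pin)


if __name__ == "__main__":
    print(demo())
```

Against a live server, pass the result of `fetch_presented_cert(host, port)` to `fingerprint_matches` together with the fingerprint you recorded at creation time.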
During the installation process of Syncplify.me Server! v4.x (or greater) you will be asked for the IP address and port to which the new HTTP REST API service should bind. While in most cases 0.0.0.0 (all interfaces) is a safe choice for the IP address, it is important to carefully choose a port.
In order to help you choose, we have prepared a very easy diagram. Just answer the questions on the diagram, and you’ll know which port (not) to use.
This said, in order to limit automatic probes (bots), choosing a non-standard port is probably always the safest way to go.
Less than a month after the release of v3, our team is already at work on v4.
While v3 has been our “back-end release” (the version that introduced a whole lot of new functional features, from speed limits to new scripting capabilities, from multiple instances to actual impersonation, and more…), v4 will be our “front-end release” and will deliver a greatly improved interface for… well… everything.
And thanks to the whole new configuration API, implemented as a REST web service to be consumed over a secure HTTPS channel, the GUI will also be fully cross-platform. Ever dreamed of being able to configure your Syncplify.me Server! from your iPhone or Android device? V4 will make it possible!
The above is not a mock-up, it is an actual screenshot taken from one of our Android phones in the lab. More to come… soon!