Configuring implicit SSL
Implicit SSL settings apply only to FTP listeners; an implicit SSL listener typically runs on port 990. Use the following procedure to configure implicit SSL.
To configure Implicit SSL:
- From the top menu, select . The Listeners page opens.
- Click the of the listener you want to open. The Edit Listener page opens.
: Since SSL can be configured only on FTP listeners, make sure that you select a listener that displays FTP in the Server type column.
- Under , click . The Listener Encryption Settings page opens.
- Set the appropriate options.
  - (Clear Only enabled by default). Select the type of SSL connection to attempt when a request comes in to the current listener.
    - . No SSL connection is allowed.
    - . An SSL connection is made after the client connects and issues the appropriate command. If the SSL command is not issued and you are not forcing SSL, the connection is made as a standard FTP connection.
    - . An SSL connection is made immediately upon connection. With Implicit SSL, it is impossible for a non-SSL connection to be made on this listener. The default port for Implicit SSL listeners is 990.
  - . Displays the SSL certificate currently applied to the current listener. This is the SSL certificate that the server sends to identify itself to clients that connect to this listener. To select an SSL certificate, click .
  - . If selected, the listener will request an SSL client certificate before allowing the user to authenticate. In order for the client to authenticate, the client certificate must be signed by a certificate in the list.
  - . Select the versions of SSL and TLS that you want to allow clients to use to connect.
    - . Select this option to require clients to negotiate SSL connections using TLS version 1.0 or higher. This option provides the greatest security, but may cause some clients to fail to connect.
    - (selected by default). Select this option to allow clients to connect using any version of SSL or TLS. This option works with most clients, but does not protect the server from security vulnerabilities in older versions of SSL.
  - . This list contains the certificates that the server trusts to sign client certificates. When is enabled and a client attempts an SSL connection, the server prompts the client for a client certificate. The server then checks whether the client certificate is signed by any of the certificates in the trusted authorities list. If not, the connection is terminated.
    - To add a certificate to this list, click .
    - To remove a certificate from this list, click .
- Click . The Edit Listener page opens.
- In the box, enter . For more information, see Setting Up Listeners.
- Click .
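
To confirm from the network which of the three connection types described above a listener you administer actually offers, the following added example (not part of the product documentation) probes the listener's plaintext behavior. It assumes the explicit-mode command is AUTH TLS with reply code 234 (RFC 4217); the function names and returned labels are this example's own.

```python
import socket
import sys


def _reply_code(sock, timeout):
    """Read one (possibly multi-line) FTP reply; return its 3-digit code or None."""
    sock.settimeout(timeout)
    data = b""
    try:
        while True:
            chunk = sock.recv(512)
            if not chunk:
                return None
            data += chunk
            last = data.splitlines()[-1]
            # The final line of a reply is "NNN text"; "NNN-text" means more follows.
            if data.endswith(b"\n") and last[:3].isdigit() and last[3:4] == b" ":
                return last[:3].decode()
    except (socket.timeout, ConnectionError):
        return None


def classify_listener(host, port, timeout=3.0):
    """Return 'clear-only', 'explicit', 'implicit-or-silent' or 'unexpected-<code>'.

    The labels are this example's own names for the three connection types.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        greeting = _reply_code(sock, timeout)
        if greeting is None:
            # No plaintext greeting: an implicit listener waits for the TLS
            # handshake, so plain FTP cannot be spoken on this port.
            return "implicit-or-silent"
        if greeting != "220":
            return "unexpected-" + greeting
        # Assumption: the explicit-mode command is AUTH TLS (RFC 4217), reply 234.
        sock.sendall(b"AUTH TLS\r\n")
        return "explicit" if _reply_code(sock, timeout) == "234" else "clear-only"


if __name__ == "__main__":
    # Usage: python probe.py <host> <port>   (port 990 is the usual implicit port)
    print(classify_listener(sys.argv[1], int(sys.argv[2])))
```

An "implicit-or-silent" result only shows that no plaintext greeting was sent; follow it with a TLS handshake test to confirm the listener is answering rather than filtered.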