MOVEit Central uses client certificates for FTP/S and MOVEit DMZ authentication, S/MIME signing/encryption and AS1/AS2/AS3 authentication/signing/encryption. This section discusses issues related to obtaining and installing certificates, prior to using them in MOVEit Central.
An X.509 digital certificate is a document that verifies the identity of the holder of the certificate. Digital certificates are often issued by and vouched for by Certification Authorities (CAs), but may also be "self-signed". Every certificate contains two keys used by public/private key cryptography.
A certificate used for client authentication conceptually consists of three components:
The public component of the certificate, which contains the name of the client and the public key.
The private component of the certificate, which contains an encrypted version of the private key. Though it is possible to have a certificate without the private component, such a certificate cannot be used as a client certificate.
A password, which protects the private key.
To use a client certificate with MOVEit Central, you must:
Obtain a certificate from a server administrator or a CA, or generate one yourself.
If necessary, convert the certificate into a form understood by Microsoft software (*.cer or *.pfx).
Install the certificate into MOVEit Central through MOVEit Central Admin.
Configure a MOVEit Central host to use the certificate when communicating with a particular FTP server, MOVEit DMZ server, AS2 partner, etc.
These steps are covered in more detail in the following topics.
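The first two steps above, shown with the OpenSSL command line as an added example (not part of the MOVEit Central documentation): it generates a self-signed client certificate, converts it to *.cer and *.pfx, and checks that the *.pfx opens only with its password and holds the private key matching the *.cer. The subject name, password, file names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed sample values, not MOVEit defaults.
CN="central-client.example.test"
PFX_PASS="constructed-sample-password"

# Step 1: generate a key pair and a self-signed certificate (PEM) in dir $1.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -sha256 -days 365 -nodes \
        -subj "/CN=$CN" -keyout "$1/client.key" -out "$1/client.pem" 2>/dev/null
}

# Step 2: convert to the two Microsoft-readable forms.
#   client.cer = public component only (DER)
#   client.pfx = public + private component, protected by the password
convert_for_windows() {
    openssl x509 -in "$1/client.pem" -outform DER -out "$1/client.cer" &&
    openssl pkcs12 -export -inkey "$1/client.key" -in "$1/client.pem" \
        -name "$CN" -passout "pass:$PFX_PASS" -out "$1/client.pfx" &&
    rm -f "$1/client.key"   # do not leave the unencrypted key behind
}

# True if PFX $1 opens with password $2 and contains a private key.
pfx_has_private_key() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
        grep -q "PRIVATE KEY"
}

# Print the subject name stored in .cer file $1.
cer_subject() {
    openssl x509 -inform DER -in "$1" -noout -subject -nameopt RFC2253
}

# True if .cer $1 and .pfx $2 (password $3) carry the same public key.
same_public_key() {
    a=$(openssl x509 -inform DER -in "$1" -noout -pubkey | openssl dgst -sha256)
    b=$(openssl pkcs12 -in "$2" -passin "pass:$3" -nokeys 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null | openssl dgst -sha256)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

work=$(mktemp -d)
make_self_signed "$work" && convert_for_windows "$work" &&
    pfx_has_private_key "$work/client.pfx" "$PFX_PASS" &&
    same_public_key "$work/client.cer" "$work/client.pfx" "$PFX_PASS" &&
    echo "ready to install: $work/client.pfx ($(cer_subject "$work/client.cer"))"
```

The *.pfx is the file that can serve as a client certificate, because it is the only one of the two that carries the private component; the *.cer can be handed to the remote server's administrator.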