FTP - SSL Certificates

All client and server certificates used by MOVEit DMZ FTP must be X.509 certificates.

Server certificates let remote FTP clients confirm the identity of your FTP server and are an important part of SSL secure channel negotiation. A server certificate is always required by MOVEit DMZ FTP; in fact, MOVEit DMZ FTP will complain via email if it does not have at least one valid server certificate.

Client certificates help MOVEit DMZ confirm the identity of FTP clients. Client certificates are optional, but they must ALWAYS be provided when connecting to the optional Client Certs Explicit Port or the Client Certs Implicit Port on MOVEit DMZ, whether or not the certs are actually used during authentication (as per user-level authentication settings). As suggested by the configuration options, MOVEit DMZ supports client certificates on both its explicit and implicit ports, and over all three modes of FTP/SSL. (See FTP - Configuration (Ports Tab) for more information.)

An ever-expanding list of compatible clients and a complete list of encryption options are also included in this documentation.

Missing Certificates

MOVEit DMZ provides two "missing certificate" reminders to ensure that at least one valid certificate has been installed. The first is the MOVEit DMZ Check utility, which runs after each installation and upgrade and may also be run manually from the Start | Programs | MOVEit DMZ menu. This utility will report a connection error if the FTP server certificate is bad or missing. The second reminder is an email with certificate assignment instructions, sent by the FTP server itself when the service is started. This email will be sent 14 days before a certificate expires, every day after a certificate expires, and every day a certificate is not available.
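An independent check that complements the two built-in reminders, as an added example that is not part of the MOVEit DMZ product or its documentation: it reads the server certificate from an explicit FTP/SSL port using Python's standard library and applies the 14-day window described above. The function names, status labels, default port 21 and the use of DNS hostnames (so that certificate validation can match the name) are assumptions.

```python
import ssl
import sys
from datetime import datetime, timedelta, timezone
from ftplib import FTP_TLS

WARN_WINDOW = timedelta(days=14)  # reminder window stated in the text above

def classify(cert, now):
    """Map a getpeercert()-style dict to (status, whole days until expiry)."""
    if not cert or "notAfter" not in cert:
        return ("missing", None)
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    remaining = expires - now
    if remaining <= timedelta(0):
        return ("expired", remaining.days)
    if remaining <= WARN_WINDOW:
        return ("expiring", remaining.days)
    return ("ok", remaining.days)

def fetch_explicit_cert(host, port=21, timeout=10):
    """Return the validated server certificate from an explicit FTP/SSL port."""
    ftps = FTP_TLS(context=ssl.create_default_context(), timeout=timeout)
    try:
        ftps.connect(host, port)
        ftps.auth()  # sends AUTH TLS, then wraps the control socket in TLS
        return ftps.sock.getpeercert()
    finally:
        ftps.close()

def check(host, port=21, now=None):
    """Probe one listener. A certificate that fails validation (untrusted,
    name mismatch, or already expired) is reported as 'invalid' with the
    reason given by the TLS library."""
    now = now or datetime.now(timezone.utc)
    try:
        return classify(fetch_explicit_cert(host, port), now)
    except ssl.SSLCertVerificationError as exc:
        return ("invalid", exc.verify_message)

if __name__ == "__main__":
    # Pass one hostname per certificate-bearing address on the command line.
    for name in sys.argv[1:]:
        print(name, *check(name))
```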

Multiple Certificates

It is possible to assign multiple server certificates to the MOVEit DMZ FTP server as long as each cert can be assigned to a different IP address. In other words, you need to expose multiple IP addresses on your MOVEit DMZ server if you want to support multiple certificates.

For technical details, please see FTP Certs in FTP - Configuration.