All client and server certificates used by MOVEit Transfer FTP must be X.509 certificates.
Server certificates let remote FTP clients confirm the identity of your FTP server and are an important part of SSL secure channel negotiation. A server certificate is always required by MOVEit Transfer FTP; MOVEit Transfer FTP will send an email notification if it does not have at least one valid server certificate.
Client certificates help MOVEit Transfer confirm the identity of FTP clients. Client certificates are optional, but they must ALWAYS be provided when connecting to the optional Client Certs Explicit Port or the Client Certs Implicit Port on MOVEit Transfer, whether or not the certs are used during authentication (as per user-level authentication settings). MOVEit Transfer supports client certificates on both its explicit and implicit ports, and over all three modes of FTP/SSL. For more information, see FTP - Configuration (Ports Tab.
A list of compatible clients and encryption options is included in this documentation.
MOVEit Transfer provides two "missing certificate" reminders to ensure at least one valid certificate has been installed. The first is the MOVEit Transfer Check utility which runs after each installation and upgrade and may also be run manually from the Start | Programs | MOVEit Transfer menu. This utility will report a connection error if the FTP server certificate is bad or missing. The second reminder is an email with certificate assignment instructions sent by the FTP server itself when the service is started. This email will be sent 14 days before a certificate expires, every day after a certificate expires and every day a certificate is not available.
It is possible to assign multiple server certificates to the MOVEit Transfer FTP server as long as each different cert can be assigned to a different IP address.You must expose multiple IP addresses on your MOVEit Transfer server if you want to support multiple certificates.
For technical details, see FTP Certs in FTP - Configuration.