Configuring listeners for SSL

For a host to be accessible via SSL, clients must connect to the host using the IP address and port of an SSL-enabled listener.

• To configure a host to be accessible via SSL:

1. From the top menu, select Server > Listeners. The Listeners page opens.
2. Click the IP address of the listener you want to open. The Edit Listener page opens.

   Note: Since SSL can be configured only on FTP listeners, make sure that you select a listener that displays FTP in the Server type column.

3. Under Hosts Associated with this Listener, verify that the host you want to be accessible via SSL is listed. If it is not, add the host before proceeding to the next step. For more information, see Associating a Host with a Listener.
4. Verify that the listener has the SSL type set to SSL enabled or Implicit SSL.
5. Next, specify the SSL certificate for the listener to use to negotiate SSL connections.

• To specify an SSL certificate:

1. From the top menu, select Server > Listeners. The Listeners page opens.
2. Click the IP address of the listener you want to open. The Edit Listener page opens.

   Note: Since SSL can be configured only on FTP listeners, make sure that you select a listener that displays FTP in the Server type column.

3. Under Encryption Options, click Edit SSL Settings. The Listener Encryption Settings page opens.

   

4. Verify that the certificate listed in SSL certificate is the certificate you want to use. If no certificate is listed, or if a certificate other than the one you want to use is listed, click Select. The Select SSL Certificate page opens. From this page, you can select, create or import a certificate to use.
   

   Caution: The certificate applied to the listener is the SSL certificate used for all hosts assigned to this listener when a client attempts an SSL connection. Changing the certificate listed in SSL certificate affects all hosts assigned to this listener.

5. The SSL listeners allow for the selection of individual ciphers supported by OpenSSL. Ciphers can be added or removed for each listener but require at least one be defined for each SSL listener.

Note: WS_FTP Server will use the Server preferences rather than the Client preferences while selecting the ciphers.

Caution: Individual ciphers may be selected but may not be available. The actual availability will depend on the SSL protocol enabled and the type and size of the SSL certificate.

Caution: Individual ciphers will be ignored if either of the System Details Cryptographic Modules (Operate in FIPS 140-2 or Disable CBC Mode Ciphers) are selected. These setting will use a predefined cipher group and ignore individual ciphers

In addition to the SSL settings configured on the listener, there are several options that are host-specific. To edit these options, select Host > Host Settings > SSL Settings from the top menu.