NOTE: SSL/TLS connections use digital certificates for authentication. Depending on how your certificate was issued and the way your host is configured, you may need to install a host and/or personal certificate before you can connect using SSL/TLS.
To configure a secure SSL/TLS connection in the FTP Client
Start the FTP Client.
This opens the Connect to FTP Site dialog box. (If the FTP Client is already running and this dialog box is not open, go to Connection > Connect.)
Perform one of the following tasks:
| To | Do This |
|---|---|
| Create a new site | From the Connect to FTP Site dialog box, click New. In the Add FTP Site dialog box, enter the name or IP address of your FTP server host, and then click Next. In the Login Information dialog box, select User. |
| Modify an existing site | From the Connect to FTP Site dialog box, select a site. |
Click Security.
From the SSL/TLS side menu, select Use SSL/TLS Security.
(Optional) To specify the minimum allowable level of encryption for SSL/TLS connections, select a level in the Encryption strength list. The connection fails if this level cannot be provided.
| Encryption strength options | Description |
|---|---|
| Recommended ciphers | When Recommended ciphers is selected, the FTP Client will negotiate with the host system to choose the strongest encryption level supported by both the host and the client. This new setting will contain the recommended encryption level from Micro Focus, and will change periodically. If you are running in FIPS mode and select Recommended ciphers, the FTP Client will negotiate using only FIPS compliant encryption levels. |
| Custom ciphers | When Custom ciphers is selected, you will be prompted to select from a list of available ciphers in the Custom Ciphers list view. NOTE: Session files from previous versions of Reflection that use default, 168, 128 or 256 bit Encryption Strength will be imported as Custom ciphers and maintain the list that was used in prior versions for those settings options. |
(Optional) Click Configure PKI.
The PKI Configuration dialog box opens, from which you can manage the digital certificates used for authentication.
Click Reflection Certificate Manager.
In the Reflection Certificate Manager dialog box, select the Trusted Certificate Authorities tab.
Click Import and browse to select the CA certificate for the server.
Modify default settings as required. (For example, to use only the Reflection Certificate Manager, you might choose to clear Use System Certificate Store for SSL/TLS connections. When this option is selected, Reflection FTP Client looks for certificates in both the Reflection Certificate Manager store and the Windows certificate store.)
When you customize any of the default PKI settings, the pki_config file is created.
Close the Certificate Manager dialog box and click OK to close the other open dialog boxes.
The imported certificate is saved in the trust_store.p12 file.
After a connection is established, click the Save button on the Quick Access toolbar and save the session document.
Perform one of the following tasks:
| If you are | Do This |
|---|---|
| Creating a new site | Click OK to close the Security Properties dialog box and then click Next. In the FTP User Login dialog box, type your user name on the FTP server and then click Next. Click Finish. |
| Modifying an existing site | Click OK to close the open dialog boxes. |
NOTE:
Before making an SSL/TLS connection, Reflection authenticates the host system. The certificate presented by the host for this purpose must be from a trusted certificate authority. If your computer does not recognize the certificate authority, you will not be able to make SSL/TLS connections. Depending on how a host certificate was issued, you may need to install the certificate on your computer.
When you make an SSL/TLS connection, a padlock icon indicates that the data stream is encrypted. A key icon indicates that the command channel (including the entered password) is encrypted.
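
To check the same choices from outside the Reflection client (for example, to confirm that a server works with a CA-only trust list and a restricted cipher list), the following added example uses Python's standard `ssl` and `ftplib` modules. It is not Micro Focus code; the function names and the cipher string are assumptions made for illustration.

```python
import ssl
from ftplib import FTP_TLS


def build_context(ca_file=None, use_system_store=False, ciphers=None):
    """Build a client TLS context that mirrors the dialog's choices."""
    # PROTOCOL_TLS_CLIENT turns on certificate and host name verification,
    # so a host certificate from an untrusted CA makes the connection fail.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if use_system_store:
        # Analogue of leaving "Use System Certificate Store" selected.
        ctx.load_default_certs()
    if ca_file:
        # Analogue of importing the server's CA certificate (a PEM file here).
        ctx.load_verify_locations(cafile=ca_file)
    if ciphers:
        # Analogue of "Custom ciphers"; raises ssl.SSLError if nothing matches.
        ctx.set_ciphers(ciphers)
    return ctx


def connect(host, user, password, ctx, port=21):
    """Explicit FTPS login with both channels protected."""
    ftps = FTP_TLS(context=ctx)
    ftps.connect(host, port)
    ftps.auth()      # AUTH TLS: command channel encrypted before the password
    ftps.login(user, password)
    ftps.prot_p()    # PROT P: data channel encrypted as well
    return ftps


def summarize(ctx):
    """Report the settings worth checking before a connection attempt."""
    return {
        "verifies_host": ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname,
        "min_version": ctx.minimum_version.name,
        "trusted_cas": ctx.cert_store_stats()["x509_ca"],
    }


if __name__ == "__main__":
    # Constructed settings: no CA loaded yet, so connect() would reject any host.
    context = build_context(ciphers="ECDHE+AESGCM")
    print(summarize(context))
```

A `trusted_cas` count of 0 with the system store disabled means every host certificate will be rejected, which is the same failure the note above describes for an unrecognized certificate authority.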