cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

FTPS - X.509 client authentication

Go to solution
silentbull
Participant

on ‎03-22-2016 3:52 PM

0 Kudos

Hi

I have a FTP receiver scenario which has FTPS using control and data connection and the third party has given both the private and public key to be loaded into trusted CA.

since it is important data, we wanted to be secure.

But it seems like the connectivity works and transmissions are happening even though i have not checked the x.509 for client authentication.

Does it mean it is not secure ? The network team confirmed that the trace shows FTPS only.

Am bit confused on what the use of certificate then?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member182412
Active Contributor
‎03-22-2016 4:29 PM
0 Kudos

Hi Sam,

When PI try to establish FTPS connection first it will check the target server is trusted or not by scanning all the certificates in TrastedCA in NWA and you already imported the server public key so this connection established successfully.

After connection established you can authenticate FTPS using two ways

  • FTPS with user based authentication
  • FTPS with certificate based authentication

If you don't select the certificate then it is user based authentication as you currently connecting, if you want to authenticate by certificate then you need to select the certificate in the channel but both are FTPS only and secure.

Regards,

Praveen.

Show replies
Show replies
silentbull
Participant
‎03-22-2016 5:56 PM
0 Kudos

Hello Praveen

Thanks for the explanation.

that clearly explains why the channel worked even though the x.509 is unchecked.

Am i right in assuming that the same certificate loaded in the NWA is used for both FTPS authentication and to check whether the target server is trusted or not.

Regards

Sam

former_member186851
Active Contributor
‎03-22-2016 6:21 PM
0 Kudos

Hello Sam,

Yes correct.

the same certificate only will be used since its in trusted CAS as praveen suggested.

I was a bit confused while answering you first ime.

former_member182412
Active Contributor
‎03-23-2016 12:28 AM
0 Kudos

Hi Sam,

  • If you want only trust the server then you only need server's root CA certificate import into NWA
  • If you want to authenticate yourself by client authentication then you need to import server's key/certificate pair into NWA

Regards,

Praveen.

Answers (1)

Answers (1)

former_member186851
Active Contributor
‎03-22-2016 4:26 PM
0 Kudos

Hello Sam,

If its FTPS it will work with certificate only,thats why it is secured.

In the channel are you sure you didnt check the certificate authentication?

Show replies
Show replies
Ask a Question