People who use SSL/TLS to secure their online transactions and file transfers are mostly familiar with only two of its security functions: encrypting data in transit and enabling clients to authenticate the server. They're likely not making use of another feature that can strengthen SSL security further: client certificate authentication.
If you've been following our posts, you know that client certificate authentication has been the subject of our discussion lately. However, we haven't yet covered how to enable it on the server side. This quick post is all about that.
We'd like to cover both HTTPS and FTPS client authentication activation in a single article. We can easily do that because we'll be using a file transfer server that supports both protocols. The UI you'll be seeing in this tutorial is that of JSCAPE MFT Server, a managed file transfer server that supports HTTPS, FTPS, SFTP, AS2, FTP, OFTP, WebDAV, and others.
Enabling SSL client authentication on JSCAPE MFT Server is easy. Here's how.
Enabling SSL client authentication for HTTPS
Launch the JSCAPE MFT Server Manager and go to Server > Settings.
Once inside the Server Manager, navigate to Web > Web tab and then tick the HTTPS client certificate required check box. Make sure the HTTPS on host check box is also ticked, as this feature is only available if secure HTTP is enabled. After that, click the Save button at the lower-right corner (not shown in the screenshot).
That's it. SSL client authentication is now enabled on this server. Of course, you still have to create client certificates and import them into your users' Web browsers before your users can start logging in via client authentication.
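To confirm that the check box actually took effect, the following added example (not JSCAPE code and not part of the original post) connects to the HTTPS service twice, once without and once with a client certificate, and reports whether the requirement is enforced. It assumes the CA certificate, client certificate and client key are available as PEM files; the script name and argument order are illustrative.

```python
"""Check that an HTTPS service really enforces client certificates."""
import socket
import ssl
import sys


def probe(host, port, ca_file, cert_file=None, key_file=None, timeout=5.0):
    """Return 'accepted' or 'rejected' for one HTTPS connection attempt.

    Under TLS 1.3 the client's handshake can finish before the server has
    checked the client certificate, so a refusal may only appear as an alert
    or reset on the first read. The probe sends a request to find out.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # also verifies the server
    ctx.load_verify_locations(cafile=ca_file)
    if cert_file:
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(b"HEAD / HTTP/1.1\r\nHost: " + host.encode()
                        + b"\r\nConnection: close\r\n\r\n")
            return "accepted" if tls.recv(1024) else "rejected"
    except (ssl.SSLCertVerificationError, socket.timeout):
        raise  # bad server certificate or no answer: result is inconclusive
    except (ssl.SSLError, OSError):
        return "rejected"  # TLS alert, reset or abrupt close from the server
    finally:
        raw.close()


def audit(host, port, ca_file, cert_file, key_file):
    """Probe without and with a client certificate and compare the results."""
    without = probe(host, port, ca_file)
    with_cert = probe(host, port, ca_file, cert_file, key_file)
    return {"without_cert": without, "with_cert": with_cert,
            "enforced": without == "rejected" and with_cert == "accepted"}


if __name__ == "__main__":
    if len(sys.argv) == 6:
        host, port, ca, cert, key = sys.argv[1:]
        print(audit(host, int(port), ca, cert, key))
    else:
        print("usage: probe.py HOST PORT CA.pem CLIENT.pem CLIENT.key")
```

A result of `enforced: False` with `without_cert: accepted` means the service still answers clients that present no certificate, so the setting was not saved or applies to a different listener.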
Enabling SSL client authentication for FTPS
Let me now show you how to enable client certificate authentication on this server's FTP-SSL service.
Enter a domain on the server and then navigate to the Services menu. Next, click on the FTP/S tab. Somewhere near the bottom, you should see the check box that says require client certificate for authentication. Select that to activate client authentication. Again, make sure you save those changes.
Just like in secure HTTP, you still would need to create client certificates and import those certificates to your end users' clients so that they can connect with this FTPS server. Not all file transfer clients support client certificate authentication, so you need to check that first. One client that does support this feature is AnyClient. AnyClient also supports SFTP keys, OpenPGP, and several file transfer protocols. Best of all, it's free.
Try SSL client authentication
JSCAPE MFT Server comes with a free, fully-functional evaluation edition. If you want to give client authentication a test run, download a copy of JSCAPE MFT Server.