For today’s MFT security tip, let’s talk about using digital certificates for server authentication. Ideally, when your users attempt to connect to your file transfer server, they must have a way of verifying that they’re actually connecting to your server and not an impostor. Otherwise, they could end up uploading sensitive data to the wrong host.
The most common way of authenticating servers is by employing what are known as digital certificates. Digital certificates are more suitable for server authentication because they’re very scalable, especially if you’re using certificates digitally signed by a certificate authority recognized by the connecting client applications.
When a client attempts to connect, the server submits its digital certificate and the client can then authenticate the server’s identity using the contents of that certificate. Server authentication using digital certificates is fully automated. There’s no human interaction, so it’s really ideal for B2B transactions.
We won’t go into the details of the entire process but, if you’re interested, you could check out the following articles:
In JSCAPE MFT Server, file transfer protocols that employ SSL or TLS, such as FTPS, HTTPS, and even AS2 running on HTTPS, all support server authentication using digital certificates. To employ TLS digital certificates on MFT Server, you could generate a self-signed certificate, or generate a certificate signing request (CSR) and obtain a certificate signed by a duly recognized certificate authority.
Some protocols, like AS2, also have built-in support for digital certificates. This means an AS2 service doesn’t need TLS to use digital certificates. Again, we’ve provided some links above if you want to learn more about digital certificates or how to set them up on JSCAPE MFT Server.
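The CSR route and the client-side check described above can be reproduced in a lab with the OpenSSL command line. This is an added example, not code from the original post or from JSCAPE, and it goes slightly beyond the text by also checking the hostname; the lab CA, the file names and the `*.example.test` hostnames are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example, not JSCAPE code: a throwaway lab CA; all names are constructed.
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
cat > "$WORK/lab.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
EOF

# Stand-in for a certificate authority the connecting clients already trust.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$WORK/lab.cnf" \
    -extensions ca_ext -subj "/CN=Example Lab CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Server side: key and CSR for hostname $1, then the CA signs the CSR into $2.crt.
issue_ca_signed() {
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/lab.cnf" -subj "/CN=$1" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$1" > "$WORK/$2.ext"
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 1 -extfile "$WORK/$2.ext" -out "$WORK/$2.crt" 2>/dev/null
}

# Self-signed certificate for hostname $1: anyone can make one, no CA vouches for it.
issue_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$WORK/lab.cnf" \
    -subj "/CN=$1" -keyout "$WORK/$2.key" -out "$WORK/$2.crt" 2>/dev/null
}

# Client side: accept only if the chain ends at the trusted CA and the name matches.
client_accepts() {  # $1 = certificate name, $2 = hostname the client dialed
  openssl verify -CAfile "$WORK/ca.crt" -verify_hostname "$2" "$WORK/$1.crt" \
    >/dev/null 2>&1
}

make_ca
issue_ca_signed mft.example.test server
issue_self_signed mft.example.test selfsigned
for pair in "server mft.example.test" "server other.example.test" \
            "selfsigned mft.example.test"; do
  set -- $pair
  if client_accepts "$1" "$2"; then verdict=accepted; else verdict=rejected; fi
  echo "$1 presented for $2: $verdict"
done
```

Only the first case is accepted. The self-signed certificate would pass only if every client were handed that exact certificate as a trust anchor, which is why CA-signed certificates scale better.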
That’s it. See you again next time for another MFT Security tip.