What is a Server Certificate?
The most common use of a digital certificate is to verify that a user (or server) sending a message is who he or she claims to be and to provide the receiver with the means to encode a reply.
There are generally two options for obtaining a digital certificate (and the accompanying private key).
- You can generate your own self-signed certificate using the Cerberus FTP Server Getting Started Wizard or the Generate CSR tool in Cerberus ('Tools' tab then 'Generate a CSR'). See Creating a Self-Signed Certificate.
- You can obtain a certificate from a recognized Certificate Authority. See Creating a Certificate Signing Request.
Which is more appropriate really depends upon your goals. If you just want to make sure that client and server connections are securely encrypted then a self-signed certificate is all you need. It has the benefit of being easily created through Cerberus and completely free.
If your goal is to make sure that your clients can verify that the server they are connecting to is legitimate and ensure they don’t see any warning messages about being “unable to verify the server” then using a certificate signed by a trusted certificate authority is required. You will have to contact one of the recognized Certificate Authorities such as Comodo, Thawte, Verisign or one of the many other recognized Certificate Authorities and request a server certificate (for a price).
Can I just use a Self-Signed Certificate?
Yes, but your users will not be able to easily verify your server’s identity. If you are using Cerberus FTP Server exclusively on your own private network, or are just looking to test Cerberus FTP Server out before deploying it on the Internet, a self-signed certificate is more than adequate. You can always change your certificate later to one signed by a recognized Certificate Authority.