Client Certificate Verification
Hi All.
I'm a bit new to this product. Just trying to implement Cerberus FTP server with a client and their "outside clients".
We've got it set up and can receive files from "outside clients".
This article says Client Certificate Authentication is for FTPS and HTTPS connections.
https://www.cerberusftp.com/products/features/cerberus-ftp-server-client-certificate-authentication/
One of my client's "outside clients" wants to do certificate authentication with a public cert. I have a certificate for this domain name, but not sure what the next steps are. We are using SFTP for transport.
If this is possible, is it possible to have this happen with one but not others, or is this an all or nothing scenario? If all or nothing, I'm happy to work with the other "outside clients" to implement that.
Thanks,
David
-
Hello, David.
SSL-based client certificate verification is a very rarely used feature and requires a fair amount of knowledge and setup on the administrator's part to work correctly. You will need to generate your own client SSL certificates and make sure they are signed by a CA listed in your CA file. The CA file is specified on the Security page. Once you enable client certificate verification, all SSL connections will require a client certificate. It's all or nothing with client certificate verification.
Please note that SSL client certificate verification is completely different from public key authentication used in SSH.
Cerberus cannot generate client certificates for you.
You will need to set up your own CA using something like OpenSSL (there are tutorials for this available online).
Your custom CA would generate and sign your server certificate, and would also generate and sign all client certificates. The CA would have its own certificate that you would assign as the CA file on the Security page in Cerberus FTP Server.
The general steps are below:
- Set up a Certificate Authority (CA) with OpenSSL or a similar tool.
- Create a CA certificate.
- Generate a server certificate and private key for Cerberus FTP Server and sign the server certificate with your CA certificate.
- Assign the server certificate and private key to Cerberus on the Security page of the Server Manager.
- Assign the CA certificate as the CA File on the Security page in Cerberus.
- Using your CA, generate client certificates for your FTPS clients.
0 -
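The OpenSSL side of the steps listed in the reply above, as an added example that is not part of the reply or of Cerberus documentation. The CA name, host name, client name, file names and the server/client extension profiles are assumptions made for illustration; assigning the resulting files on the Security page is done in the Server Manager and is not shown.

```shell
#!/bin/sh
# Added example; the CA name, host name and client name are constructed placeholders.

# One OpenSSL config: request defaults plus extension profiles for CA, server, client.
write_config() {
  cat > "$1/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
[client]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
}

# CA key plus self-signed CA certificate; ca.crt is what goes in the CA File setting.
make_ca() {  # usage: make_ca DIR
  write_config "$1" &&
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -config "$1/pki.cnf" -extensions ca_ext -subj "/CN=Demo FTPS CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Key and CSR for NAME, then a certificate signed by the CA with the given profile.
issue_cert() {  # usage: issue_cert DIR NAME server|client
  openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" \
    -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 365 -extfile "$1/pki.cnf" -extensions "$3" \
    -out "$1/$2.crt" 2>/dev/null
}

# Offline version of the server's check: does CERT chain to CAFILE for PURPOSE?
verify_cert() {  # usage: verify_cert CAFILE CERT sslclient|sslserver
  openssl verify -CAfile "$1" -purpose "$3" "$2" >/dev/null 2>&1
}

d=$(mktemp -d) && make_ca "$d" && issue_cert "$d" ftp.example.test server &&
  issue_cert "$d" client1 client &&
  verify_cert "$d/ca.crt" "$d/client1.crt" sslclient && echo "client1 chains to the CA"
rm -rf "$d"
```

Keys are written unencrypted here so the script runs without prompts; for real use, keep `ca.key` offline or passphrase-protected, since anyone holding it can issue certificates the server will accept. Running `verify_cert` against each client certificate before handing it out catches a wrong CA file or a wrong profile before the client's first connection fails.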
Thank you Dana!
Have a great weekend,
David