The following dialog is displayed when you click on the Configure TLS menu option in the Configurator. This page has buttons to import TLS certificates, create a new certificate, and view the Configurator's certificate store. You can also select Robo-FTP's default TLS client-side certificate on this page.
To use a client certificate for TLS mutual authentication on FTPS or HTTPS connections:
1. Create or import a client certificate and matching private key.
The Configurator's built-in TLS certificate creator creates a client certificate with a corresponding private key and loads them into its TLS certificate store. You can also import certificates/key pairs created in other utilities or issued by third-party Certificate Authorities.
It is also possible to create a Certificate Signing Request (CSR) to be signed by a Certificate Authority (CA). Send the CSR to the CA of your choice (e.g. Verisign, Thawte, GoDaddy, etc.) and then, when the signed certificate is returned, click the "Import Signed Cert" button on the corresponding Incomplete CSR row to import it.
If your certificate requires an Intermediate Certificate Authority Cert you can attach it to the certificate after import by right clicking on the certificate and selecting...
2. Let the remote server know about your certificate.
Your client certificate must be loaded on the remote server where it will be used to authenticate your connection. You can extract your certificate from the Configurator's key store by:
a.Right-Click the desired certificate row in the grid and choose Copy Client Certificate from the pop-up menu to copy the contents of your client certificate into the Window clip board.
b.Open a plain text editor program like the Window's Notepad and paste the contents of your client certificate.
c.Save the file with a name indicating it's contents.
d.Send the file to the administrator of the remote FTPS or HTTPS site and inform them that it contains your client certificate in OpenSSL format.
3. Let Robo-FTP know to use a TLS client certificate to authenticate.
There are two method of letting Robo-FTP know to use a TLS client certificate to authenticate with an FTPS or HTTPS server:
•If a Managed Site name is passed to FTPLOGON command's [ site ] argument and the "TLS Client Cert" checkbox is selected in that Managed Site record then the certificate listed in the list box below that checkbox will be used for authentication.
•If the FTPLOGON command's /keyauth option is used then Robo-FTP will used the key marked as the Default in the Configurator unless the [ site ] argument specifies a Managed Site record that specifies a different TLS client certificate.
See also: Default TLS Certificate, Create TLS Certificate
Related Topics: TLS Certificates and Connections, FTPS, HTTPS