The following dialog is displayed when you click on the Configure SSL menu option in the Configurator. This page has buttons to import SSL certificates, create a new certificate, and view the Configurator's certificate store. You can also select Robo-FTP's default SSL client-side certificate on this page.
To use a client certificate for SSL mutual authentication on FTPS or HTTPS connections:
1. Create or import a client certificate and matching private key.
The Configurator's built-in SSL certificate creator creates a client certificate with a corresponding private key and loads them into its SSL certificate store. You can also import certificates/key pairs created in other utilities or issued by third-party Certificate Authorities.
It is also possible to create a Certificate Signing Request (CSR) to be signed by a Certificate Authority (CA). When the signed certificate is returned by the CA, right-click the matching CSR row and choose Import Signed Certificate from the pop-up context menu. Unsigned CSR rows are easy to identify on the grid due to the absent expiration date.
2. Let the remote server know about your certificate.
Your client certificate must be loaded on the remote server where it will be used to authenticate your connection. You can extract your certificate from the Configurator's key store by:
| a. | Right-Click the desired certificate row in the grid and choose Copy Client Certificate from the pop-up menu to copy the contents of your client certificate into the Window clip board. |
| b. | Open a plain text editor program like the Window's Notepad and paste the contents of your client certificate. |
| c. | Save the file with a name indicating it's contents. |
| d. | Send the file to the administrator of the remote FTPS or HTTPS site and inform them that it contains your client certificate in OpenSSL format. |
3. Let Robo-FTP know to use a SSL client certificate to authenticate.
There are two method of letting Robo-FTP know to use an SSL cleint certificate to authenticate with an FTPS or HTTPS server:
| • | If a Managed Site name is passed to FTPLOGON command's [ site ] argument and the "SSL Client Cert" checkbox is selected in that Managed Site record then the certificate listed in the list box below that checkbox will be used for authentication. |
| • | If the FTPLOGON command's /keyauth option is used then Robo-FTP will used the key marked as the Default in the Configurator unless the [ site ] argument specifies a Managed Site record that specifies a different SSL client certificate. |
See also: Default SSL Certificate, Create SSL Certificate
Related Topics: SSL Certificates and Connections, FTPS, HTTPS