Articles and news

Secure your FTPS server with Let's Encrypt

Thu 29 November 2018 | article

Introduction

Let's Encrypt for FTPS Server

What is Let's Encrypt?

Let's Encrypt is a certificate authority that provides SSL/X.509 certificates at no charge. You can read more on the subject in the Wikipedia article on Let's Encrypt.

A Let's Encrypt certificate is valid for 90 days, but it is recommended to renew it 30 days before expiration.

Certificates are provided using an automated process designed to automate creation, signing, installation, and renewal of certificates for websites in a secure manner.

Only Domain-validated certificates are being issued. Organization-Validated and Extended Validation (EV) Certificates are not available.

How does Let's Encrypt work?

Let's Encrypt uses the Automatic Certificate Management Environment (ACME) protocol.

ACME is a communications protocol for automating interactions between certificate authorities and their users, allowing automated deployments of public key infrastructure (PKI).

SFTPPlus as an ACME client

SFTPPlus implements the client side of the ACME protocol.

It can connect to the Let's Encrypt ACME server, and automatically request SSL/X.509 certificates, free of cost.

To prove that it has administrative rights over a domain, SFTPPlus runs an embedded HTTP server, available over port 80, which implements the HTTP-01 challenge of the ACME protocol.

SFTPPlus can automatically request certificates for HTTPS and FTPS file transfer services, as well as for the Local Manager web console.

Let's Encrypt and FTPS

While Let's Encrypt was created for HTTPS websites, you can use the same certificate signed by Let's Encrypt's Certificate Authority for FTPS communication.

You can use Let's Encrypt for both Explicit FTPS and Implicit FTPS. The certificates can be used over both SSL and TLS, including TLS 1.2.

You still need to have port 80 opened or forwarded to SFTPPlus for the automated certificate generation and renewal.

Check our dedicated documentation page to see how to enable Let's Encrypt for your FTPS server.

This resource is written as of SFTPPlus version 3.42.0.

Evaluating SFTPPlus MFT

The features listed in this article are just a selected few out of many integration and configuration options that are available today. Feel free to talk to the Support team about your requirements with file transfer software.

SFTPPlus MFT Server supports FTP, Explicit FTPS, Implicit FTPS, SFTP, SCP, HTTP and HTTPS.

SFTPPlus MFT is available as an on-premise solution supported on Windows, Linux, AIX, MacOS, Solaris, HP-UX, and FreeBSD.

It is also available on the cloud as Docker containers, AWS or Azure instances and many other cloud providers.

Request a trial using the form below.

• • •

SFTPPlus Release 3.42.0

Tue 27 November 2018 | general release

We are announcing the latest release of SFTPPlus version 3.42.0.

New Features

  • You can now define a custom CSS file for HTTP/HTTPS file transfer services. [server-side][http][https] [#5101]
  • You can now automatically get SSL/X.509 certificates signed by Let's Encrypt's certificate authority. [ftps][https] [#5117]
  • The sample init scripts were updated to allow starting SFTPPlus directly under an unprivileged service account. [#5132]
  • It is now possible to set a database event handler which will automatically delete older events. In this way you can limit the size of the database. [#5137]
  • Amazon Linux 2 on X86_64 is now a supported platform. [#5139]

Defect Fixes

  • The MySQL database resource is no longer erroneously marked as requiring a restart in the Local Manager. [#5137]

You can check the full release notes here.

• • •

SFTPPlus Release 3.41.1

Wed 21 November 2018 | general release

We are announcing the release of SFTPPlus version 3.41.1 which is a bugfix release to always transfer the marker file as the last file in marker based batch transfer.

By transferring the marker file as the last file, a failed transfer can be resumed.

No other changes were done in this release on top of 3.41.0.

Defect Fixes

  • In marker based batch transfer, the marker file is now always transferred last. [client-side] [#5143]

You can check the full release notes here.

• • •

SFTPPlus Release 3.41.0

Thu 15 November 2018 | general release

We are announcing the release of SFTPPlus version 3.41.0 which adds support for running HTTP/HTTPS services behind a Layer 7 HTTP Application load balancer.

New Features

  • It is now possible to define a list of HTTP Host header origins accepted by the HTTP file transfer services and the Local Manager. This allows running compatible SFTPPlus services behind a load balancer without compromising on the default CSRF checks. [server-side][http][https] [#5138]

You can check the full release notes here.

• • •

SFTPPlus Release 3.40.1

Wed 14 November 2018 | general release

We are announcing the release of SFTPPlus version 3.40.1 which is a bugfix release. Starting with this version, the option to hide the SFTPPlus authentication session from the www-authenticate headers is visible in the Local Manager.

No other changes were done on this release on top of 3.40.0

Defect Fixes

  • The option to hide the SFTPPlus authentication session from the www-authenticate headers is now visible in the Local Manager. [server-side][http][https] [#5134]

You can check the full release notes here.

• • •