Secure your FTPS server with Let's Encrypt

Thu 29 November 2018 | article


Let's Encrypt for FTPS Server

What is Let's Encrypt?

Let's Encrypt is a certificate authority that provides SSL/X.509 certificates at no charge. You can read more on the subject in the Wikipedia article on Let's Encrypt.

A Let's Encrypt certificate is valid for 90 days, but it is recommended to renew it 30 days before expiration.

Certificates are provided using an automated process designed to automate creation, signing, installation, and renewal of certificates for websites in a secure manner.

Only Domain-validated certificates are being issued. Organization-Validated and Extended Validation (EV) Certificates are not available.

How does Let's Encrypt work?

Let's Encrypt uses the Automatic Certificate Management Environment (ACME) protocol.

ACME is a communications protocol for automating interactions between certificate authorities and their users, allowing automated deployments of public key infrastructure (PKI).

SFTPPlus as an ACME client

SFTPPlus implements the client side of the ACME protocol.

It can connect to the Let's Encrypt ACME server, and automatically request SSL/X.509 certificates, free of cost.

To prove that it has administrative rights over a domain, SFTPPlus runs an embedded HTTP server, available over port 80, which implements the HTTP-01 challenge of the ACME protocol.

SFTPPlus can automatically request certificates for HTTPS and FTPS file transfer services, as well as for the Local Manager web console.

Let's Encrypt and FTPS

While Let's Encrypt was created for HTTPS websites, you can use the same certificate signed by Let's Encrypt's Certificate Authority for FTPS communication.

You can use Let's Encrypt for both Explicit FTPS and Implicit FTPS. The certificates can be used over both SSL and TLS, including TLS 1.2.

You still need to have port 80 opened or forwarded to SFTPPlus for the automated certificate generation and renewal.

Check our dedicated documentation page to see how to enable Let's Encrypt for your FTPS server.

This resource is written as of SFTPPlus version 3.42.0.

Evaluating SFTPPlus MFT

The features listed in this article are just a selected few out of many integration and configuration options that are available today. Feel free to talk to the Support team about your requirements with file transfer software.

SFTPPlus MFT Server supports FTP, Explicit FTPS, Implicit FTPS, SFTP, SCP, HTTP and HTTPS.

SFTPPlus MFT is available as an on-premise solution supported on Windows, Linux, AIX, MacOS, Solaris, HP-UX, and FreeBSD.

It is also available on the cloud as Docker containers, AWS or Azure instances and many other cloud providers.

Request a trial using the form below.