2019 Archive

SFTPPlus Release 3.51.0

Mon 04 November 2019 | general release

We are announcing the latest release of SFTPPlus version 3.51.0.

New Features

  • It is now possible to configure HTTP POST event handlers and HTTP authentication methods with multiple URLs which will act as a fallback. [#1788]
  • You can now configure file transfers to ignore source files older than a certain time. [client-side] [#5081]
  • SFTP and SCP protocols now support the hmac-sha2-512 MAC algorithm. [sftp][scp] [#5313-1]
  • SFTP and SCP protocols now support diffie-hellman-group14-sha256, diffie-hellman-group15-sha512, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512, and diffie-hellman-group18-sha512 key exchange algorithms as required by RFC-8268. [sftp][scp] [#5313]
  • You can now configure a retention period for the archived files of a transfer. Older files from the archive folder will be automatically removed by SFTPPlus. [client-side] [#5314]
  • The SFTPPlus globbing expressions now support defining multiple patterns in a logical disjunction expression OR using the vertical bar character |. [#5316]
  • Remote SSH server's fingerprint can now also be defined as SHA1, SHA256, an SSH public key, or an X.509 SSL/TLS certificate. MD5 fingerprints are still supported. [client-side][sftp] [#5327-1]
  • Alpine Linux 3.10 on X86_64 is now a supported platform. [#5282]
  • The bundled OpenSSL libraries in Windows, Generic Linux, and OS X, were updated to version 1.1.1c. [#5286]

Defect Fixes

  • The ignore_create_permissions configuration option will now also ignore setting attributes when a file is created. In previous versions, attributes were ignored only for folders. [server-side][sftp] [#1741]
  • The HTTP CONNECT proxy now works with HTTP endpoints. In previous versions, it was only working with HTTPS endpoints. [#1788]
  • Transfers with a WebDAV location as source no longer fail when the WebDAV server returns a "302 FOUND" response. The response is now ignored and considered a transient error. [client-side][webdav][sharepoint] [#5300], [#5309]
  • File dispatcher event handler can now handle events with more than 2 associated paths. In previous versions, only the first and the last paths for an event were handled. [#5317-1]

Deprecations and Removals

  • The ssh_server_fingerprint configuration option was replaced by a new ssh_server_identity option in new configurations. The ssh_server_fingerprint option is still accepted for backward compatibility with older configurations. [client-side][sftp] [#5327]
  • Support for Alpine Linux 3.7 on X86_64 was removed. [#5282]
  • Support for Ubuntu Linux 14.04 LTS on X86_64 was removed. Please try the generic Linux package if you still use this version of Ubuntu Linux. [#5312]

You can check the full release notes here.

• • •

SFTPPlus Release 3.50.0

Tue 23 July 2019 | general release

We are announcing the latest release of SFTPPlus version 3.50.0.

New Features

  • The embedded Let's Encrypt client now has the option to debug the HTTP ACME protocol. [#5287]
  • It is now possible to install multiple SFTPPlus instances on the same Windows operating system, all operating and active at the same time. [#5291]

Defect Fixes

  • The embedded Let's Encrypt client can now successfully request certificates. A defect was introduced in 3.48.0, which was preventing requesting new certificates. [lets-encrypt] [#5287]

You can check the full release notes here.

• • •

SFTPPlus Release 3.49.0

Mon 24 June 2019 | general release

We are announcing the latest release of SFTPPlus version 3.49.0.

New Features

  • You can now use PXF / PKCS#12 certificates in SFTPPlus without converting them to the PEM format first. [#2596]
  • The HTTP file transfer server web UI now has dedicated ID for each UI element making it easier to implement themes. [web-server][http][https] [#3224]

Defect Fixes

  • Documentation for the group's ssh_authorized_keys_path configuration option was updated to specify that reading multiple SSH keys from a single file is not supported. This implementation change was done in version 2.6.0, but the documentation was not updated until now. [server-side] [#1296]
  • FTP client transfers no longer create empty files on transfer failures. [client-side][ftp][ftps] [#3006]
  • You can now create new SFTP services from the Local Manager web interface. This issue was introduced in version 3.46.0. [server-side][sftp] [#4124]
  • When using the client shell, passwords are now masked by default. [security][client-side] [#5213]
  • Local Manager's web interface now has an explicit button for disabling a password. In previous versions it was required to type disabled to disable the usage of a password. [manager] [#5236]

You can check the full release notes here.

• • •

SFTPPlus Release 3.48.0

Mon 27 May 2019 | general release

We are announcing the latest release of SFTPPlus version 3.48.0.

New Features

  • HTTP POST event handler can now be configured to automatically retry on network and HTTP errors. [server-side][http-api] [#2619]
  • It is now possible to configure a file transfer service to emit debugging events for the low-level protocol used. [http][ftp][ftps][sftp][scp][server-side] [#2697]
  • The Python Extension event handler now handles events on multiple CPUs. In previous versions all events were handled by a single CPU. [#5262]
  • A new destination path action named single-file was added to transfer multiple source files as a single destination file. [client-side] [#4054]
  • You can now disable the overwriting rule for a transfer destination. In this way, the file is uploaded right away, without doing any extra requests on the server. [client-side] [#4054]
  • Debian 9 is now a supported platform. [#3353]

Defect Fixes

  • When changing the current folder in FTP, the SFTPPlus server now only checks that the path is a folder and that path traversal is allowed. It no longer tries to see if the operating system allows listing content. Asking the operating system to list content for every target directory could have caused performance issues. [server-side][ftp][ftps] [#2111]
  • You can now use a local directory with a large number of files (more than 10.000), as the source for a transfer. [client-side] [#1319]
  • The local filesystem source location no longer stops to monitor the source on I/O errors. It will log an error and retry to get the content again after changes_poll_interval seconds. [client-side] [#3350]
  • The SysV and OpenRC init scripts now work when executed as root user. This was a defect introduced in 3.42.0. [#3353]

Deprecations and Removals

  • The Python Extension event handler no longer takes a parent argument. The events are no longer handled in separate threads. Instead, they are added to a queue to be executed on a dedicate CPU. [#5262]
  • Support for Ubuntu 16.04 on ARM64 was removed. [#3353]
  • Support for Debian 8 was removed. [#3353]

You can check the full release notes here.

• • •

SFTPPlus Release 3.47.0

Thu 11 April 2019 | general release

We are announcing the latest release of SFTPPlus version 3.47.0.

New Features

  • You can now configure multiple domains for a free Let's Encrypt certificate using the subjectAlternativeName field. [server-side][ftps][https] [#5108]
  • A new event handler of type external-executable was added to execute external scripts or programs. [#5234]
  • Windows Server 2019 is now a supported platform. [#5241-1]
  • The bundled OpenSSL libraries in Windows, SLES 11, and OS X were updated to versions 1.1.1b, adding support for TLS 1.3. [#5241]

Defect Fixes

  • The WebDAV location now ignores HTTP proxy errors when they occur while monitoring a remote SharePoint Online site. [client-side][https] [#5114-1]
  • The WebDAV location now works with multiple parallel transfers from the same SharePoint Online source. [client-side][https] [#5114]
  • The SFTP and SCP file transfer services will no longer block the whole SFTPPlus process during the SSH handshake. [server-side][sftp][scp] [#5202]

Deprecations and Removals

  • Event with ID 20057, emitted when execute_at_startup times out, was removed and replaced by event with ID 20056. [#5234]

You can check the full release notes here.

• • •

Endpoint FTPS and SFTP server for DWP GFTS

Tue 02 April 2019 | blog

A red floppy disk.

The electronic data interchange (EDI) of the Department for Work and Pensions (DWP) in the United Kingdom is done via the Generic File Transfer Service (GFTS) gateway.

This article is aimed at companies which need to exchange files and data with the DWP. These entities are referred by DWP as creditor server or endpoint FTPS server.

The information is also valid for the E-Transfer systems used by local councils.

In practice, this means that as a partner to DWP you will have to set up and host an Explicit FTPS server. DWP is operating an FTPS client and actively pushes data to you.

Electronic data interchange (EDI) is the concept of electronically communicating information that was traditionally communicated on paper, such as purchase orders and invoices.

Connection Security

The connection between your company and DWP is secured using certificate-based mutual TLS authentication (mTLS) (also referred to as two-way authentication). DWP will provide the SSL certificate used by their client, while your company will have to provide the SSL certificate used by your FTPS server.

With SFTPPlus you can use a certificate generated by any certificate authority (public or your private CA).

Integration with the Let's Encrypt Certificate Authority is provided via the HTTP-01 challenge. SFTPPlus can seamlessly obtain and use a certificate from the Let's Encrypt CA. The certificate is automatically renewed.

On top of the security provided by the TLS/SSL layer, username/password credentials are used to identify the requests from DWP.

SFTPPlus can support a multi-channel architecture, allowing you to use the same SFTPPlus server for exchanging files with multiple partners, not only with DWP.

Read more about securing FTPS server with SFTPPlus in our dedicated documentation page.

Client / Server Data Exchange

FTPS is an open standard file transfer protocol built on a client-server model architecture.

The client is the active component which controls when and what type of file transfer operation to perform. The client generates an authenticated connection to the server and asks the server to push or pull files. DWP will act as a client.

The server is the reactive component which controls who can perform file transfer operations and what kind of file operations are allowed. The server stays idle and only becomes active once it receives a connection from the client. Your system will act as a server.

Once the data is pushed by DWP, it will reside as files on your system. From there it will be further processed and consumed by your business system.

ProAtria DWP Expertise

ProAtria, the developer of SFTPPlus, is a long-term partner for the project deployed at DWP. We have helped with the migration from insecure FTP to Explicit and Implicit FTPS systems and with the migration from legacy Solaris-based systems to a modern Linux-based cloud infrastructure.

We are involved in the delivery and maintenance of the Digital Children’s Platform (DOS 012) and the data exchange between DWP and the Scottish Government.

We offer broad expertise into the data exchange with DWP and DVLA. Our customers benefit of help and consultancy for their DWP and DVLA related projects without any additional cost.

A server rack.

Evaluating SFTPPlus MFT

The features listed in this article are just a selected few out of many integration and configuration options that are available today. Feel free to talk to the Support team about your requirements with file transfer software.

SFTPPlus MFT Server supports FTP, Explicit FTPS, Implicit FTPS, SFTP, SCP, HTTP and HTTPS.

SFTPPlus MFT is available as an on-premise solution supported on Windows, Linux, and macOS.

It is also available on the cloud as Docker containers, AWS or Azure instances and many other cloud providers.

Request a trial using the form below.

• • •

SFTPPlus Release 3.46.0

Mon 11 March 2019 | general release

We are announcing the latest release of SFTPPlus version 3.46.0.

New Features

  • The HTTP/HTTPS file transfer service now supports downloading multiple files at once as a Zip file. [server-side][web-api][http][https] [#5093]
  • It is now possible to set up password expiration for accounts and groups. [server-side][security] [#5146]
  • It is now possible to configure the preferred size of the group in the SSH Diffie-Hellman group key exchange method. [server-side][sftp][scp] [#5205]
  • The file dispatcher event handler now supports the copy action. This will copy the source file to one or more destinations, without removing the source file. [server-side][client-side] [#5210]
  • The file dispatcher event handler now supports the rename action. This will rename the source file (with an atomic move operation) without overwriting an existing file. [server-side][client-side] [#5220]

Defect Fixes

  • An event is now emitted when a file is closed after it was open for reading through the HTTP file transfer service. [server-side][http][https] [#5093]
  • The HTTP/HTTPS file transfer service now responds with 401 Unauthorized for requests made with 100 Continue when no credentials are provided in the request. [server-side][http][https] [#5223]

You can check the full release notes here.

• • •

FTP client uploads with temporary names

Thu 21 February 2019 | ftp client-side blog

A drawer with file tabs.

When closely investigating managed file transfers, pushing a file to a remote FTP server turns out to be just a phase in a series of interlinked processes.

Once the file arrives on the FTPS server, it is read and further processed. The next step might involve downloading the file or copying it to another processing area.

When uploading a large file, copying or pulling it before completing the transfer can result in corrupted file data. For example, a pull operation might start before the file is fully uploaded, with only a fragment of the original file available for download.

Another common case in which data corruption may happen is when a partial upload occurs because of connection failures during transfer. A client starts sending a file to the server, but at some point connection is lost. Maybe the client VM was powered off unexpectedly or the network became temporarily unavailable for too long. This will result in a partial file being left on the server, which can be accidentally processed by the next stage in our process.

This is a serious issue with FTP and FTPS connections. FTP protocols do not mandate sending the total file size before an upload. Furthermore, they do not make use of an explicit end-of-file marker. An FTP client signals the completion of an upload by simply closing the data connection.

To mitigate this problem, a file locking mechanism can be implemented by uploading files using temporary names and then renaming them back to their initial names once all the data was pushed by the client.

Clients like WinSCP will use temporary names formed by appending a non-configurable .filepart extension to the initial file names.

In SFTPPlus you can configure a file transfer to use any suffix / extension during the upload, you are not restricted to the .filepart one. . For example, you can use the .tmp or .incomplete extensions.

Screenshot with transfer destination in SFTPPlus.

By using temporary names you can implement a process in which transferred files are locked while their contents are being uploaded. The chained process will ignore files with temporary names, only handling transferred files after the final rename operation.

On most file systems the rename operation is atomic and very fast.

The same technique can be used to lock a file while uploading through SFTP transfers.

The SCP protocol does not provide a rename operation, but the total file size is advertised in the SCP upload request, which happens before the client starts pushing the content of the file.

Read more about transferring files with temporary names in our documentation page.

Evaluating SFTPPlus MFT

The features listed in this article are just a selected few out of many integration and configuration options that are available today. Feel free to talk to the Support team about your requirements with file transfer software.

SFTPPlus MFT Server supports FTP, Explicit FTPS, Implicit FTPS, SFTP, SCP, HTTP and HTTPS.

SFTPPlus MFT is available as an on-premise solution supported on Windows, Linux, and macOS.

It is also available on the cloud as Docker containers, AWS or Azure instances and many other cloud providers.

Request a trial using the form below.

• • •

Restrict user with trusted IPs for SFTP and FTPS

Fri 15 February 2019 | security blog

Computer security illustration.

It is common practice to secure a file transfer server using firewall rules which only allow incoming connections from trusted partners.

Let's assume you have a US partner named "ACME Inc", connecting to your server from IP 1.1.1.1 using the user acme-inc, and another German partner called "AlleWerkzeuge AG", connecting to your server from IP 5.5.5.5 using the user alle-werkzeuge-ag.

You can configure your firewall to only allow connections from a list of trusted IPs like 1.1.1.1 and 5.5.5.5, but the firewall doesn't know about usernames. So it will allow the account acme-inc to connect even if the connection is initiated from 5.5.5.5, which is an IP outside of the ACME Inc network.

To complement firewall restrictions, SFTPPlus allows defining a fixed list of trusted IP rules from which it will allow connections for a specific user.

Such a configuration can be defined per user, but also per group, with multiple users inheriting their configuration from the group.

To restrict a specific user to connect through SFTP or FTPS to the file transfer server only from a certain IP (or IPs), you can use the source_ip_filter configuration option in SFTPPlus.

The remote access is denied when the user connects from a source address which is not whitelisted.

Below is a screenshot from our web-based management console demonstrating such a configuration.

Screenshot of SFTPlus account configuration.

Read more about securing your SFTP/FTPS and HTTPS services with SFTPPlus in our documentation page.

Evaluating SFTPPlus MFT

The features listed in this article are just a selected few out of many integration and configuration options that are available today. Feel free to talk to the Support team about your requirements with file transfer software.

SFTPPlus MFT Server supports FTP, Explicit FTPS, Implicit FTPS, SFTP, SCP, HTTP and HTTPS.

SFTPPlus MFT is available as an on-premise solution supported on Windows, Linux, and macOS.

It is also available on the cloud as Docker containers, AWS or Azure instances and many other cloud providers.

Request a trial using the form below.

• • •

SFTPPlus Release 3.45.0

Thu 14 February 2019 | general release

We are announcing the latest release of SFTPPlus version 3.45.0.

New Features

  • It is now possible for SFTP/SCP clients to change their own password using the SSH command execution service. [server-side][sftp][scp] [#5129]
  • It is now possible to transfer files using temporary names, renaming to their initial names once successfully transferred. [client-side] [#5156]
  • Events emitted when a file is closed after a server-side SFTP or SCP transfer now include transferred size, duration, and average speed. [server-side][scp][sftp] [#5196]
  • You can now configure an account to allow authentication only from a specific list of source IP addresses. [server-side][security] [#5201]

Defect Fixes

  • The SFTP/SCP file transfer service no longer generates an internal server error when the SCP protocol is requested as an SSH subsystem. [server-side][scp] [#5129]
  • For move transfers, the removal of the source file is now retried when the operation fails. In previous versions, once the file was transferred, the source removal was attempted only once. [client-side] [#5156-1]
  • The transfer of a file is now retried when the operation to check the existence of the remote file fails. [client-side] [#5156]
  • For the SCP protocol, the event with ID 30042 is no longer emitted when the client is sending the whole file without an end of file marker. In previous versions, if the SCP client uploaded all the file data, but did not send the explicit confirmation for the end of file or stream, SFTPPlus was emitting the event 30042 to inform that the transfer was not complete. [server-side][scp] [#5196]

Deprecations and Removals

  • The events emitted for rename operations now have the destination path as the default path attribute. In previous versions the source path was used. The from attribute will contain the source path. The following event IDs are affected: 60043, 60044, 30025, 30026, 30027 [server-side][client-side] [#5156]
  • Support for FreeBSD 10.x on X86_64 was removed. [#5170]

You can check the full release notes here.

• • •

Get email notifications from your FTP and SFTP servers

Thu 31 January 2019 | article

Introduction

Email notification article banner

SFTPlus can connect to any STMP servers and deliver emails based on the activity, actions and events triggered by a file transfer.

With SFTPPlus you can configure the list of recipients (with CC and BCC), email subject and email body.

The email notification can be use for FTPS or SFTP server monitoring and reporting, or just for critical failure/error conditions.

For example, you can trigger an email notification, whenever a SFTP file upload fails on your file transfer service. In this way, you can automatically monitor the server for new files and be notified when you got new files which failed to be fully uploaded.

Operation principles

An Email client resource is created inside the SFTPPlus configuration in order to define the STMP server address, port and credentials.

For each type / category of email notifications, create a separate Send as email event handlers.

Each event handler has a set of filters which determined the condition under which the emails are triggered. For example, you can trigger on all file upload to your site, or only on uploads from a certain user.

Multiple event handlers can use a single email client resource to deliver the emails.

Integration with Email Delivery Services

Using the standard STMP protocol, SFTPPlus can send email alerts using any of the cloud based email delivery services.

If your SFTP server is hosted with Azure, you might want to use the Sendgrid service. For FTP servers hosted with Amazon EC2 you might want to use the Amazon SES service.

Note that for Amazon EC2, port 25 is throttled. You should use port 587 instead.

Check our dedicated documentation page to see how to configure email alerts in SFTPPlus.

This resource is written as of SFTPPlus version 3.44.0.

Evaluating SFTPPlus MFT

The features listed in this article are just a selected few out of many integration and configuration options that are available today. Feel free to talk to the Support team about your requirements with file transfer software.

SFTPPlus MFT Server supports FTP, Explicit FTPS, Implicit FTPS, SFTP, SCP, HTTP and HTTPS.

SFTPPlus MFT is available as an on-premise solution supported on Windows, Linux, and macOS.

It is also available on the cloud as Docker containers, AWS or Azure instances and many other cloud providers.

Request a trial using the form below.

Email Alerts Services That You Should Use image used in this article was created by Amit Agarwal and is licensed under CC BY 2.0 / Cropped from original.

• • •

HTTPS, FTPS, and SFTP with Docker and OpenShift

Wed 30 January 2019 | blog

For some time, we have been maintaining an MIT-licensed GitHub repository to ease the creation and running of SFTPPlus Docker instances.

Whether you are already a customer of ours, or currently evaluating SFTPPlus, simply head over to our GitHub repository, clone, and follow the instructions to run an SFTPPlus instance in Docker.

To further aid in quickly trying out a version of SFTPPlus in Docker, we are pleased to announce the creation of a SFTPPlus Docker Hub repo.

Docker Hub banner

You can now simply pull from Docker Hub our latest 3.44.0 trial image for Red Hat Enterprise Linux 7.0 / CentOS 7.0 (or other compatible OS'es) with a single command:

docker pull proatria/sftpplus-trial:3.44.0-centos7

In this way, you can evaluate a dockerized FTPS and SFTP server with minimum effort.

The Docker Hub repository only contains the evaluation version. For production use you will most probably want to change the configuration to meet your requirements.

To build your own Docker image, check the scripts and instructions used to build the evaluation image in our aforementioned GitHub repo.

Similar commands can be used to deploy the Debian Linux 8 image pushed to Docker Hub as:

proatria/sftpplus-trial:3.44.0-debian8

To offer a Docker image with minimal disk size, our Docker Hub repository also covers Alpine Linux, a distribution for "power users who appreciate security, simplicity and resource efficiency". To get the Alpine Linux 3.7 image, use:

proatria/sftpplus-trial:3.44.0-alpine37
OpenShift banner

Our Dockerfile and the images derived from it do not require running the process as root inside the container. Therefore, you can deploy them in OpenShift with a single command as well:

oc new-app proatria/sftpplus-trial:3.44.0-centos7

A users guide for deploying SFTPPlus with Docker containers is available in our Docker documentation page.

Evaluating SFTPPlus MFT

The features listed in this article are just a selected few out of many integration and configuration options that are available today. Feel free to talk to the Support team about your requirements with file transfer software.

SFTPPlus MFT Server supports FTP, Explicit FTPS, Implicit FTPS, SFTP, SCP, HTTP and HTTPS.

SFTPPlus MFT is available as an on-premise solution supported on Windows, Linux, and macOS.

It is also available on the cloud as Docker containers, AWS or Azure instances and many other cloud providers.

Request a trial using the form below.

• • •

SFTPPlus Release 3.44.0

Thu 24 January 2019 | general release

We are announcing the latest release of SFTPPlus version 3.44.0.

New Features

  • It is now possible to configure the name associated to the sender email address in the email client resource. [#3069]
  • It is now possible for file transfer users to change the password associated with their accounts via the HTTP / HTTPS protocols. [server-side][http][https] [#5128]
  • It is now possible to configure an email sender event handler with CC and BCC fields. [#5158]
  • It is now possible to monitor OS resources used by SFTPPlus, and trigger an event when their usage hits certain configurable limits. This feature is not available on HP-UX, Windows XP and Windows Server 2003. [#5175]
  • Alpine Linux 3.7 on X86_64 is now a supported platform. [#5179]
  • It is now possible to schedule a transfer based on week days. [client-side][#5184]

Defect Fixes

  • The HTTP/HTTPS file transfer service login page is now accessible in HTML format for Internet Explorer in compatibility mode. [http][https][server-side] [#5188]

Deprecations and Removals

  • The URL of the login page used by the HTTP/HTTPS file transfer service was moved from /login to /__chsps__/login. [server-side][http][https] [#5128]
  • Support for Alpine Linux 3.6 on X86_64 was removed. [#5179]
  • Event with ID 60019 emitted when a transfer has invalid schedule configuration was removed and replaced with the generic event ID. [#5184]
  • The HTTP/HTTPS file transfer API now requires an explicit Accept: application/json header in order to use the JSON variant of the API. Otherwise, it will default to the HTML/WebDAV variant. [http][https][api][server-side] [#5188]

You can check the full release notes here.

• • •

SFTPPlus Release 3.43.1

Mon 07 January 2019 | general release

We are announcing the release of SFTPPlus version 3.43.1, which is a bugfix release.

The SFTP client now waits for a maximum of 60 seconds for the server to respond.

In previous versions it was waiting forever, causing transfers to stall if the server never responded to a request. This could happen if the server drops the connection during a transfer.

No other changes were done in this release on top of those in 3.43.0.

You can check the full release notes here.

• • •

Use Let's Encrypt to protect your FTP server

Fri 04 January 2019 | article

A brief history of FTP (in)security

The FTP protocol as used today was defined in 1985 (RFC 959) based on a design created in 1971.

It was designed without taking security into consideration. All transmissions are in clear text, including username, password, and actual transferred data. All FTP communication can be easily intercepted by anyone able to capture your local or Internet traffic.

This problem is common to many of the Internet Protocol specifications (Telnet, SMTP, IMAP, etc.) that were designed prior to the creation of encryption mechanisms such as SSL or TLS.

In 1997 (RFC 2228), the FTP protocol was extended, and specifications for using secure connections were set in place. The end result is what is commonly known as the FTPS protocol.

The FTPS protocol is also sometimes referred to as Secure FTP or FTP over SSL. All these names refer to the same protocol extension.

FTPS should not be confused with the SFTP protocol, a secure file transfer subsystem for the Secure Shell (SSH) protocol. FTPS is not compatible with SFTP.

Upgrade the security of your legacy FTP server

With the widespread popularity of wireless networks, it is easier than ever to monitor network traffic. And therefore capture usernames, passwords, and actual data sent over the plain old FTP protocol.

Until recently, in order to secure public FTP servers using TLS you had to buy and manually install an X509 / SSL Certificate from one of the trusted certificate authorities. A certificate was typically valid for 1 or 2 years, and the process of buying, obtaining, and then installing a new certificate was slow and painful, as most steps required manual interventions.

With the creation of the Let's Encrypt certificate authority, you can now automatically get a TLS certificate at no extra cost in a matter of seconds.

By switching to FTPS, usernames, passwords, and actual data transferred by your FTP server are protected using the latest security standard.

Let's Encrypt and FTPS

Let's Encrypt for FTPS Server

Let's Encrypt (sometimes shortened as LetsEncrypt) is a certificate authority that provides SSL/X.509 certificates at no charge.

SFTPPlus can automatically and seamlessly request certificates for HTTPS and FTPS file transfer services. You only need to configure the domain name, SFTPPlus will take care of the rest. No need to use external tools like letencrypt.exe copy files in paths like /etc/letsencryt or C:siteswwwroot.

For technical details on Let's Encrypt in general, and on using it with a FTPS server in particular, consult the dedicated article.

If you have decided to use Let's Encrypt, check our dedicated documentation page to see how to enable Let's Encrypt for your FTP server.

This resource is written as of SFTPPlus version 3.43.0.

Evaluating SFTPPlus MFT

The features listed in this article are just a selected few out of many integration and configuration options that are available today. Feel free to talk to the Support team about your requirements with file transfer software.

SFTPPlus MFT Server supports FTP, Explicit FTPS, Implicit FTPS, SFTP, SCP, HTTP and HTTPS.

SFTPPlus MFT is available as an on-premise solution supported on Windows, Linux, and macOS.

It is also available on the cloud as Docker containers, AWS or Azure instances and many other cloud providers.

Request a trial using the form below.

• • •