Using an SSL Certificate in an Event Rule

THE INFORMATION IN THIS ARTICLE APPLIES TO:

• EFT Server Enterprise versions prior to v6.2

***The registry key below should not be used starting with EFT Server Enterprise v6.2, because that feature has been added to the interface. You can stop using this registry key when you upgrade to 6.2. ***

DISCUSSION

The procedure below allows EFT Server Enterprise to use SSL certificates on an out-going Event Rule. (For example, when a remote server requires an SSL certificate for authentication.)

For this procedure, CuteFTP must be installed on the server running EFT Server Enterprise.

Allowing EFT Server to use SSL certificates on an out-going Event Rule requires a registry edit that will copy a registry entry from one place to another.

1. Create the certificate in CuteFTP

1. Install CuteFTP on the EFT Server computer.
2. Click Tools > Global Options.
3. Expand the Security node, then click SSL Security.
4. Select the Use SSL certificate when authenticating check box.
5. Click Create a Certificate and follow the instructions in the wizard.
6. In the wizard, select the Set up CuteFTP to use the generated certificate check box.
7. Click OK to close the Global Options dialog box.

For more information about using CuteFTP, refer to http://help.globalscape.com/help/cuteftppro8/index.html (CuteFTP Professional) or http://help.globalscape.com/help/cuteftp8/index.html (CuteFTP Home).

2. Export the Registry Key that you just created

[HKEY_USERS\S-1-5-21-1863128455-877948412-1050887974-2356\Software\GlobalSCAPE\CuteFTP 8 Professional\Settings\SecuritySSL]
"SSLCertificate"="C:\\Documents and Settings\\<username>\\Application Data\\GlobalSCAPE\\CuteFTP Pro\\8.0\\Security\\cername.crt"
"SSLPrivateKey"="C:\\Documents and Settings\\<username>\\Application Data\\GlobalSCAPE\\CuteFTP Pro\\8.0\\Security\\certname.key"
"UseSSLCertificate"=dword:00000001
"UseSSLCertPassphrase"=dword:00000001
"ReuseSSLData"=dword:00000000
"WarnWhenToNonSecure"=dword:00000001
"DataTransportMethod"=dword:00000001
"CertTrustCheck"=dword:00000000
"SSLCertPassphrase"="encrypted_passphrase"

3. Import the Registry Key for EFT Server<TED 6>

The key below will transfer the settings from CuteFTP to TED 6, enabling the same feature in EFT Server for Event Rules.

[HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE Inc.\TED 6\Settings\SecuritySSL]
"SSLCertificate"="C:\\Documents and Settings\\<username>\\Application Data\\GlobalSCAPE\\CuteFTP Pro\\8.0\\Security\\certname.crt"
"SSLPrivateKey"="C:\\Documents and Settings\\<username>\\Application Data\\GlobalSCAPE\\CuteFTP Pro\\8.0\\Security\\certname.key"
"UseSSLCertificate"=dword:00000001
"UseSSLCertPassphrase"=dword:00000001
"ReuseSSLData"=dword:00000000
"WarnWhenToNonSecure"=dword:00000001
"DataTransportMethod"=dword:00000001
"CertTrustCheck"=dword:00000000
"SSLCertPassphrase"encrypted_passphrase

4. Test and Complete Configuration

You can test the Event Rule to verify that it pushes the SSL certificate to the Server. Try using a Loop Back connection or CuteFTP for testing.

The system should fail the first time, because the certificate must be approved/added to the Trusted Certificates list in EFT Server after it is pushed to the Server.

1. In EFT Server, click Tools > Certificate Manager. The Certificate Manager appears.
2. In the Pending Certificates list, click the certificate that you imported, then click Make Trusted. The certificate moves to the Trusted Certificates list.
3. Test the connection again to verify the certificate was accepted by the remote server.

This will be different in other applications; however, you can use this method to test the Event Rule and the registry fix.