Configure SSL/TLS (FTP Client)

NOTE:SSL/TLS connections use digital certificates for authentication. Depending on how your certificate was issued and the way your host is configured, you may need to install a host and/or personal certificate before you can connect using SSL/TLS.

To configure a secure SSL/TLS connection in the FTP Client

  1. Start the FTP Client.

    This opens the Connect to FTP Site dialog box. (If the FTP Client is already running and this dialog box is not open, go to Connection > Connect.)

  2. Perform one of the following tasks:


    Do This

    Create a new site

    From the Connect to FTP Site dialog box, click New.

    In the Add FTP Site dialog box, enter the name or IP address of your FTP server host, and then click Next.

    In the Login Information dialog box, select User.

    Modify an existing site

    From the Connect to FTP Site dialog box, select a site.

  3. Click Security.

  4. Click the SSL/TLS tab, and then click Use SSL/TLS Security.

  5. (Optional) To specify the minimum allowable level of encryption for SSL/TLS connections, select a level in the Encryption strength list. The connection fails if this level cannot be provided.

    NOTE:If you select Default, any encryption level is permitted, and the client negotiates with the host system to choose the strongest encryption level supported by both the host and the PC.

  6. (Optional) Click Configure PKI.

    The PKI Configuration dialog box opens, from which you can manage the digital certificates used for authentication.

    1. Click Reflection Certificate Manager.

    2. In the Reflection Certificate Manager dialog box, select the Trusted Certificate Authorities tab.

    3. Click Import and browse to select the CA certificate for the server.

    4. Modify default settings as required. (For example, to use only the Reflection Certificate Manager, you might choose to clear Use System Certificate Store for SSL/TLS connections. When this option is selected, Reflection FTP Client looks for certificates in both the Reflection Certificate Manager store and the Windows certificate store.)

      When you customize any of the default PKI settings, the pki_config file is created.

    5. Close the Certificate Manager dialog box and click OK to close the other open dialog boxes.

      The imported certificate is saved in the trust_store.p12 file.

    6. After a connection is established, click the Save button on the Quick Access toolbar and save the session document.

  7. Perform one of the following tasks:

    If you are

    Do This

    Creating a new site

    Click OK to close the Security Properties dialog box and then click Next.

    In the FTP User Login dialog box, type your user name on the FTP server and then click Next.

    Click Finish.

    Modifying an existing site

    Click OK to close the open dialog boxes.


  • Before making an SSL/TLS connection, Reflection authenticates the host system. The certificate presented by the host for this purpose must be from a trusted certificate authority. If your computer does not recognize the certificate authority, you will not be able to make SSL/TLS connections. Depending on how a host certificate was issued, you may need to install the certificate on your computer.

  • When you make an SSL/TLS connection, a padlock icon appears indicates that the data stream is encrypted. A key icon indicates that the command channel (including the entered password) is encrypted.