Configure SSL/TLS (FTP Client)

To configure a secure SSL/TLS connection in the FTP Client

1. Start the FTP Client.

   This opens the Connect to FTP Site dialog box. (If the FTP Client is already running and this dialog box is not open, go to Connection > Connect .)

2. Perform one of the following tasks:

   To	Do This
   Create a new site	From the Connect to FTP Site dialog box, click New. In the Add FTP Site dialog box, enter the name or IP address of your FTP server host, and then click Next. In the Login Information dialog box, select User.
   Modify an existing site	From the Connect to FTP Site dialog box, select a site.

3. Select Security .

4. From the SSL/TLS section of the Security Properties dialog box, select Use SSL/TLS Security .

5. (Optional) To specify the minimum allowable level of encryption for SSL/TLS connections, select a level in the Encryption strength list. The connection fails if this level cannot be provided.

   Encryption strength options	Description
   Recommended ciphers	The FTP Client will negotiate with the host system to choose the strongest encryption level supported by both the host and the client. This new setting will contain the recommended encryption level from Micro Focus, and will change periodically. NOTE: If you are running in FIPS mode and select Recommended Ciphers, the FTP Client will negotiate using only FIPS compliant encryption levels.
   Custom ciphers	If you select Custom ciphers, you will be prompted to select from a list of available ciphers in the Custom ciphers list view. NOTE: Session files from previous versions of Reflection that use default, 168, 128 or 256 bit Encryption Strength will be imported as Custom Ciphers and maintain the list that was used in prior versions for those settings options.

6. (Optional) Select the PKI section in the left side-menu.

   This will open the PKI Configuration settings, from which you can manage the digital certificates used for authentication.

   To use the Reflection Certificate Manager

   1. From the PKI Configuration settings select Reflection Certificate Manager .

   2. In the Reflection Certificate Manager dialog box, select the Trusted Certificate Authorities tab.

   3. Select Import and browse to select the CA certificate for the server.

   4. Modify default settings as required. (For example, to use only the Reflection Certificate Manager, you might choose to clear Use System Certificate Store for SSL/TLS connections . When this option is selected, Reflection FTP Client looks for certificates in both the Reflection Certificate Manager store and the Windows certificate store.)

   note

   When you customize any of the default PKI settings, the pki_config file is created.

   1. Close the Certificate Manager dialog box and click OK to close the other open dialog boxes.

      The imported certificate is saved in the trust_store.p12 file.

      After a connection is established, click the Save button on the toolbar and save the session document.

7. Perform one of the following tasks:

   If you are	Do This
   Creating a new site	Click OK to close the Security Properties dialog box and then click Next. In the FTP User Login dialog box, type your user name on the FTP server and then click Next. Click Finish.
   Modifying an existing site	Click OK to close the open dialog boxes.