SSL Certificate Generation for FTPS under MFT/Active Transfer Server

Dear Expert,
We are planning to expose a FTPS port for end user to connect to our MFT Server. We have noticed that we do need to specify ssl certificate for the same. Can you please suggest if we need to follow any guideline while generating this certificate which latet need to be shared with the client ? What is the best practice for generating the ssl certificate that should be specified under MFT under FTPS port definition ?

Hi Kumar,

Certificate can be generated by using OpenSSL (check with your Security department about the details, i.e. key length and encryption algorithms). After you have created a CertificateSigningRequest (CSR), you should get this certified by a trustworthy CertificateAuthority (CA).

See IS Administrators Guide and/or MFT Administrators Guide for details how to apply the certificate to host which provides the port.


Hi Saurav,

Addition to Holger, you can use ‘keytool’ in java to manage certificates.
Your security department might already have the required private certificate(keystore) signed by trustworthy CA (CertificateAuthority).

If server’s certificate is signed by a CA that the client also trust, there’s no need of sending certificates to the client.
Clients will accept the server’s certificates based on the trust on CA.
Otherwise, you have to share the public key with the client, so that client can validate/trust the server.

Similarly, as a server, you should have either client’s public certificates or certificates of CA in truststore to validate the clients.

For certificate based authentication of MFT users, you have the details in the ActiveTransfer guide.
Please let us know if these answers your query.


This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.