How FTPS differs from TLS
Does VeriSign have a solution for FTPS (FTP over SSL)? Is there an existing implementation on this? If so, how does it work?

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

FTPS is an enhancement to FTP that uses the standard FTP protocol and commands over secure sockets, adding SSL (Secure Socket Layer) security to both the protocol and data channels. FTPS is also known as FTP-SSL and FTP-over-SSL. SSL is a protocol that encrypts and decrypts data across a secure connection from a client to a server with SSL capabilities. The server sends the client a certificate and a public key for encryption. If the client trusts the server's certificate, the SSL connection can be established. All data that passes from one side to the other will be encrypted, and only the client and the server can decrypt the data. The SSL protocol is the same protocol used in FTPS. You may also see SSL used in conjunction with TSL. SSL has merged with other protocols and authentication methods to form a new protocol known as Transport Layer Security (TLS).

Although a server requires you to present a digital certificate before you use FTPS, you don't have to use a certificate issued by VeriSign. You can use a digital certificate issued by any of the well-known certificate authorities, or, one you have issued yourself, using Microsoft Certificate Server for example. You can have a trusted certificate authority, such as Verisign or Thawte, sign the certificates you create. There are plenty of FTP programs that can handle FTPS. One is GlobalSCAPE's Secure FTP Server, which includes a full digital certificate management system for creating, signing and importing digital certificates to a trusted list. It also supports client authentication to verify users' identities by forcing users to present a certificate. The server compares the client certificate to a list contained in its trusted certificates database, and then either accepts or rejects the connection based upon a match.

This was first published in December 2005