How FTPS differs from TLS
Does VeriSign have a solution for FTPS (FTP over SSL)? Is there an existing implementation on this? If so, how does it work?
FTPS is an enhancement to FTP that uses the standard FTP
protocol and commands over secure sockets, adding SSL
(Secure Socket Layer) security to both the protocol and data channels. FTPS is also known as FTP-SSL and FTP-over-SSL. SSL is a protocol that encrypts
and decrypts data across a secure connection from a client to a server with SSL capabilities. The server sends the client a certificate and a public key
for encryption. If the client trusts the server's certificate, the SSL connection can be established. All data that passes from one side to the other will be encrypted, and only the client and the server can decrypt the data. The SSL protocol is the same protocol used in FTPS. You may also see SSL used in conjunction with TSL. SSL has merged with other protocols and authentication
methods to form a new protocol known as Transport Layer Security
Although a server requires you to present a digital certificate before you use FTPS, you don't have to use a certificate issued by VeriSign. You can use a digital certificate issued by any of the well-known certificate authorities, or, one you have issued yourself, using Microsoft Certificate Server for example. You can have a trusted certificate authority, such as Verisign or Thawte, sign the certificates you create. There are plenty of FTP programs that can handle FTPS. One is GlobalSCAPE's Secure FTP Server, which includes a full digital certificate management system for creating, signing and importing digital certificates to a trusted list. It also supports client authentication to verify users' identities by forcing users to present a certificate. The server compares the client certificate to a list contained in its trusted certificates database, and then either accepts or rejects the connection based upon a match.
This was first published in December 2005