Client Configuration

BlueZone Secure FTP Client Configuration

BlueZone Secure FTP supports SSL through the BlueZone Security Server providing security for not only the data being transferred, but also for the control port where sensitive user id and password information is transmitted.  In addition to the security features, BlueZone Secure FTP may be pre-configured for distribution, eliminating End User intervention in the installation or configuration process.

SEE  BlueZone Secure FTP Help for additional details about configuring and distributing BlueZone Secure FTP.

BlueZone Secure FTP Client Configuration for SSL Security

Configure the FTP Connection Parameters

  1. Launch a BlueZone FTP session and on the MenuBar go to Session:Configure.

  2. Select the New button to create a new connection.

  3. Enter a Connection Name to identify the connection as a secure connection.

  4. Enter the IP address or host name of the Security Server.

  5. Select the Host Type from the drop down list box.

  6. Select the TCP Port on which the Security Server will be listening for BlueZone Secure FTP connections.

  7. Complete any of the additional parameters as needed and click the OK button to apply the settings.

Configure the Security Parameters

  1. Select the Security Tab and check the Enable Secure Sockets Layer check box.

  2. Check the Use the AUTH method to initial SSL checkbox if needed.  AUTH is typically used with IBM mainframe SSL authentication.

  3. Check the Enable Clear Control Channel checkbox if needed.  This is typically used with firewalls that require a clear channel to pass the control information.

  4. Select the appropriate method for handling Invalid Certificates.

  5. Select the SSL Version. SSL v3 and TLS v1 are nearly identical.  TLS v1 is the most secure setting.  SSL v2 is provided for backward compatibility with older systems and is less secure.  This setting must match the SSL version that has been configured in the Security Server Connection.

  6. If you have a preference, choose a Preferred Cipher Suite from the list box.  Otherwise, leave it set to None.  By leaving it set to None, BlueZone Secure FTP will automatically negotiate the highest Cipher Suite possible.

NOTE  PKCS12 certificates contain the certificate and private key in a single file. Therefore, only the Certificate File name must be specified.

  1. Click the OK button to apply the changes and exit to the Session Configuration dialog.

  2. Click the OK button to return to the BlueZone Secure FTP window.

  3. Select Session:Connect to connect to the FTP server through the Security Server.

Save Configuration Parameters to a File

  1. From the BlueZone Secure FTP MenuBar, select File:Save As.

  2. Assign a name for the file in the File Name edit box and click the Save button.

  3. Copy the configuration file to the BlueZone distribution image disk or directory.  When used with Quiet Mode Installation, no end user intervention is required to install or configure BlueZone Secure FTP.

SEE  the BlueZone Desktop Administrator's Guide for more information on the use of configuration files.

Testing the Connection

If you chose "Always Accept" to the "Select the desired method for handling Invalid Certificates" question above, you should now be able to establish an encrypted connection to your host.

If you chose "Ask Before Accepting" to the "Select the desired method for handling Invalid Certificates" question above, when making a connection to your host, you will receive a Certificate Error message stating that the Server Certificate is invalid.  This is normal because the Server Certificate that we provide with the Security Server is a self signed certificate.  This is not necessarily a problem if you are using BlueZone Secure FTP and the Security Server to encrypt host sessions for your own employees.

Having a valid Server Certificate becomes critical, is when you are presenting the certificate to an outside Customer.  In this case you will probably want to obtain a certificate from a third party Certification Authority.

If you are using BlueZone Secure FTP and the BlueZone Security Server to encrypt host sessions for your own employees, then the Certificate Error message is not relevant since your sessions will indeed be encrypted.

To avoid this message, instruct your End Users to do the following:

  1. Launch a BlueZone Secure FTP session and attempt to connect to your host via the Security Server.

  2. When the Certificate Error message is displayed, click the View button.

  3. The Self Signed Certificate will be displayed.

  4. Check the Add This Certificate to Trusted List checkbox and click the OK button.

  5. The secure connection will now be completed.

The next time the End User makes the connection, no Certificate Error will be displayed.

NOTE  This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)

Related Topics:

BlueZone Emulator Configuration

Windows Domain Authentication