From the drop-down list, select the appropriate option:

SSL - A traditional Secure Socket Layer protocol is used to secure the transmission
TLS - A new version of SSL, Transport Layer Security will be used to secure the transmission (default)

Specify a comma separated list of SSL/TLS protocol versions to allow. For example, to enable TLS 1.1 and TLS 1.2 only, specify TLSv1.1, TLSv1.2. Likewise, to enable all versions of SSL/TLS, specify SSLv3,TLSv1,TLSv1.1,TLSv1.2.

The client authentication option indicates if SSL authentication is expected when a client connects to

Managed File Transfer

. If a Web User or Web User Template is configured to authenticate using a certificate, the Optional or Required setting should be selected.

None - Client certificate authentication is not enabled and client certificates will be ignored. Clients must authenticate with their username and password when connecting to the server.
Optional - Client certificate authentication is enabled, but a certificate is not required. If a valid certificate is available from the client, it will be used for authentication. If a valid certificate is not available, the client must authenticate with their username and password when connecting to the server.
Required - Client certificate authentication is enabled and a valid certificate is required. A client connection without a valid certificate will be rejected.

By default all Cipher Suites are enabled to provide the most options between different clients and servers. Although encrypted, the cipher suite automatically selected by the connection may not be the most secure. This list allows you to limit which ciphers are used. Follow the instructions below to select which Cipher Suites are used:

In the left column, click to select (highlight) the Cipher Suites to use. Multiple entries can be selected by pressing the Ctrl or Shift key while clicking the mouse.
When the desired Cipher Suites are selected, click the arrow between the group boxes to move the Cipher Suites from left to right.

This file contains the private key and associated certificates that a client uses to authenticate to a server. There are default Key Store files provided with

Managed File Transfer

or you can create your own. Type the name or click the icon to browse for the file.

The Key Store Password was specified by the person who created the Key Store.

From the drop-down list, select the appropriate option:

JKS - Java Key Store
PKCS12 - Public-Key Cryptography Standards

Based on your installation, not all the providers may be available. The correct Key Store Provider is loaded during the installation. If you need specify a provider, select the appropriate option from the drop-down list:

IBMJCE - The IBM Java Cryptographic Extension is the export compliant variation of the SUN provider for IBM
IBMi5OSJSSE Provider - The IBM i5/OS Java Secure Socket Extension provides an RSA layer to the cryptology for IBM systems running the i5/OS
SUN - The classic Java cryptographic service
SUNJSSE - The Java Secure Socket Extension provides an RSA layer to the cryptology
SUNJCE - The Java Cryptographic Extension is the export compliant variation of the SUN provider
SUNMSCAPI - The Java implementation of the Microsoft Cryptography API
BC - The Bouncy Castle provider is a new export compliant set of algorithms for the Java Framework including RSA, DSA, x509

The key alias identifies a key pair and its associated certificate from all the ones within a Key Store. If no alias is specified, the Key Store opens the first file in the key store. Type the name or click the icon to browse for an Alias.

Exports the head certificate of the selected Key Alias to your internet browser's default download directory.

The Key Password was specified by the person who created the Key.

The Trust Store File contains the public keys and certificates used by a server to authenticate a client. There are default Trust Store files provided with Managed File Transfer or you can create your own. Type the name or click the icon to browse for the file.

The Trust Store Password was specified by the person who created the Trust Store.

See Key Store Type.

See Key Store Provider.

Indicates whether or not Web Users are permitted to use the clear command channel (CCC) command during an encrypted FTPS connection. If a Web User sends the CCC command, it terminates the encryption on the command channel and all subsequent FTPS communication on the command channel will be transmitted in plain text. The encryption of the data channel is not affected by this setting. When selected, the control channel can be switched to plain text. If unselected, the command cManaged File Transfer

Managed File Transfer

hannel will remain encrypted.Note: This is useful when Managed File Transfer is behind a NAT firewall that requires plain text commands for routing secondary FTPS data connections.

This setting determines whether or not Managed File Transfer will perform the CLOSE_NOTIFY operation as part of the SSL/TLS shutdown when the CCC command is received. Select this option to send the CLOSE_NOTIFY command to properly terminate the SSL/TLS encryption. Some FTPS clients do not support proper termination of SSL/TLS and require this option to be unselected.