About SSL

Secure Sockets Layer (SSL) is a protocol for encrypting and decrypting data sent over a connection between a client and a server that both support SSL. The server is responsible for sending the client a certificate and a public key for encryption. If the client trusts the server's certificate, an SSL connection can be established. All data passing from one side to the other is then encrypted, and only the client and the server are able to decrypt it. You can get a clearer idea of how SSL works by examining the representation of an explicit SSL transfer below.

GlobalSCAPE Secure FTP Server supports SSL for client and server authentication, message integrity, and confidentiality. You can configure GlobalSCAPE Secure FTP Server's security features to verify users' identities, to allow users to verify your identity, and to encrypt file transfers. The key to understanding how SSL works is to understand the elements that take part in the process.

 

Elements that work together to establish a secure SSL connection

Client: The client needs to be an FTP client with SSL capabilities.

Certificate: Certificates are digital identification documents that allow both servers and clients to authenticate each other. A certificate file has a .crt extension. Server certificates contain information about your company and the organization that issued the certificate (such as Verisign or Thawte) while client certificates contain information about the user and the organization that signed the certificate. You can choose to either trust or distrust a certificate. In some cases, the client's certificate must be signed by the server's certificate in order to open an SSL connection.

Session Key: The client and the server use the session key to encrypt data. The client creates the session key and encrypts it with the server's public key.

Public Key: The client encrypts a session key with the server's public key. The public key does not exist as a separate file, but is produced when a certificate and private key are created.

Private Key: The server's private key decrypts the session key sent by the client. The private key has a .key extension and is part of the public-private key pair.

Certificate Signing Request: A certificate signing request is generated each time a certificate is created. A certificate signing request has a .csr extension. This file is used when you need to have your certificate signed. Once the Certificate Signing Request file is signed, a new certificate is made and can be used to replace the unsigned certificate.
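
The file elements listed above (.key, .csr, .crt) and the case where a client certificate must be signed by the server's certificate, reproduced with the OpenSSL command-line tool. This is an added example, not part of the original help topic and not GlobalSCAPE's own certificate tooling; the host name, organization, user name and function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: the OpenSSL CLI stands in for the server's certificate tooling.
# ftp.example.test, "Example Corp" and alice are constructed sample values.
set -eu

make_server_identity() {  # $1 = output directory
    d=$1
    # Private key (.key): never leaves the server.
    openssl genrsa -out "$d/server.key" 2048 2>/dev/null
    # Certificate signing request (.csr): subject plus public key.
    openssl req -new -key "$d/server.key" -out "$d/server.csr" \
        -subj "/O=Example Corp/CN=ftp.example.test"
    # Self-signed certificate (.crt). CA:TRUE lets it sign client certificates.
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    openssl x509 -req -in "$d/server.csr" -signkey "$d/server.key" -days 30 \
        -extfile "$d/ca.ext" -out "$d/server.crt" 2>/dev/null
}

pubkey_digest() {  # $1 = key|csr|crt, $2 = file; prints SHA-256 of its public key
    case $1 in
        key) openssl pkey -in "$2" -pubout ;;
        csr) openssl req -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
    esac | openssl dgst -sha256 | awk '{print $NF}'
}

issue_client_cert() {  # $1 = directory holding server.crt/.key, $2 = user name
    d=$1; u=$2
    openssl genrsa -out "$d/$u.key" 2048 2>/dev/null
    openssl req -new -key "$d/$u.key" -out "$d/$u.csr" -subj "/CN=$u"
    # Signing the CSR with the server certificate's key yields the client .crt.
    openssl x509 -req -in "$d/$u.csr" -CA "$d/server.crt" -CAkey "$d/server.key" \
        -CAcreateserial -days 30 -out "$d/$u.crt" 2>/dev/null
}

client_cert_trusted() {  # $1 = trusted certificate, $2 = client certificate
    # Exit status 0 only if $2 chains to $1 and the signature checks out.
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo in a throwaway directory: the three digests printed are identical.
work=$(mktemp -d)
make_server_identity "$work"
for kind in key csr crt; do
    echo "$kind: $(pubkey_digest "$kind" "$work/server.$kind")"
done
issue_client_cert "$work" alice
client_cert_trusted "$work/server.crt" "$work/alice.crt" && echo "alice.crt accepted"
rm -rf "$work"
```

The identical digests show that the public key is carried inside the key, the request and the certificate rather than stored as its own file.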

 

GlobalSCAPE Secure FTP Server supports two levels of authentication when using SSL

High level - The server is configured so that it contains a certificate, but does not require a certificate from the FTP client.

Highest level - The server is configured so that it provides a certificate and also requests a certificate from the client. The server compares the client certificate to a list contained in its Trusted Certificates database. The server either accepts or rejects the connection based upon a match.

 

 
