Enabling Strict Security
Posted by Aly Essa, Last modified by Aly Essa on 26 January 2017 02:24 PM

Overview

The Strict SSL feature in the FileCatalyst Server enables a client-side application (HotFolder, TransferAgent, CLI) to reject the FileCatalyst Server’s SSL security certificate if it is not signed by a Trusted Certificate Authority (CA). You can, however, also add certificates to be trusted that were not obtained from a Trusted Certificate vendor, as well as self-signed certificates.

During the initial handshake of a secure connection, the FileCatalyst Server sends the client its Server certificate containing its public key and the identity of its signing certificate. The client authenticates the Server’s certificate by ensuring it was signed by a Certificate Authority it trusts, either directly or through a chain of signing certificates whose integrity can be verified. Once the certificate is authenticated, the handshake continues to generate unique security parameters for the session, and the secure session is established. If the CA which signed the server’s certificate is not among the client’s list of Trusted Certificate Authorities, the certificate is rejected as not trusted and therefore not authenticated, and the connection fails.

A certificate file may contain one or more certificates, and sometimes the term certificate refers to multiple certificates that work together to provide security. The Server is provided with a set of certificates containing a cryptographically matching private key and public key pair. The client needs to have a complete certificate chain containing the one or more public certificates used to sign the server’s public certificate. A certificate chain refers to a set of certificates where each certificate authenticates the one before it. The last certificate in the chain MUST be a trusted certificate for the Strict SSL feature to work.
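The chain rules described above can be reproduced offline with the `openssl` command line; this is an added example, not FileCatalyst code, and it does not touch any FileCatalyst trust store. It builds a constructed root, intermediate and server certificate (all names and file paths are made up) and shows that the server certificate is accepted only when the chain is complete and its last certificate is one the verifier trusts.

```shell
# Added example: a constructed PKI (root -> intermediate -> server) checked
# with the openssl CLI. Every name and file here is made up for the demo.

build_demo_pki() (            # $1 = empty working directory
  cd "$1" || exit 1
  # Minimal config so the CA certificates carry basicConstraints CA:TRUE.
  printf '%s\n' '[req]' 'distinguished_name=dn' '[dn]' 'CN=placeholder' \
    '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > ca.cnf
  new_key_csr() {             # $1 = file stem, $2 = common name
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
      -keyout "$1.key" -out "$1.csr" -subj "/CN=$2" 2>/dev/null
  }
  # Two self-signed roots: "root" signs the chain, "other" is unrelated.
  for ca in root other; do
    openssl req -x509 -config ca.cnf -extensions v3_ca -newkey rsa:2048 \
      -nodes -keyout "$ca.key" -out "$ca.pem" -days 2 \
      -subj "/CN=Constructed $ca CA" 2>/dev/null
  done
  # Intermediate CA certificate, signed by the root.
  new_key_csr int "Constructed Intermediate CA"
  openssl x509 -req -in int.csr -CA root.pem -CAkey root.key \
    -CAcreateserial -extfile ca.cnf -extensions v3_ca -days 2 \
    -out int.pem 2>/dev/null
  # Server (leaf) certificate, signed by the intermediate.
  new_key_csr srv "server.example.test"
  openssl x509 -req -in srv.csr -CA int.pem -CAkey int.key \
    -CAcreateserial -days 2 -out srv.pem 2>/dev/null
  # What a server would send alongside its own certificate.
  cat int.pem root.pem > sent-chain.pem
)

# True only when openssl reports the certificate as verified.
chain_ok() { openssl verify "$@" 2>/dev/null | grep -q ': OK$'; }
report()   { if chain_ok "$@"; then echo accepted; else echo rejected; fi; }

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
build_demo_pki "$demo"
echo "trusted root, full chain:      $(report -CAfile "$demo/root.pem" -untrusted "$demo/int.pem" "$demo/srv.pem")"
echo "trusted root, no intermediate: $(report -CAfile "$demo/root.pem" "$demo/srv.pem")"
echo "full chain, root not trusted:  $(report -CAfile "$demo/other.pem" -untrusted "$demo/sent-chain.pem" "$demo/srv.pem")"
```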

Environment

FileCatalyst HotFolder v3.6 and newer.

Resolution

The following steps add a system property to your HotFolder that enables the Strict Security feature.

  1. From the HotFolder Administration application, go to the Settings tab.
  2. Under System Properties click Add Property. Enter the following:

    Property Name: unlimited.fc.deployment.security.enforcement.strict
    Value: true

  3. Hit OK and Apply to save your changes.
  4. Restart the FileCatalyst Application and Service.
