About SSL/TLS Certificates
As an added measure of security, you can obtain your certificate from a certificate authority (CA). A CA verifies all of the identity information in your certificate, then adds its signature.
In an SSL or TLS transaction, your certificate is presented to your trading partner, who can recognize the signature of the CA using the CA root certificate. This assures your trading partner that you are who you say you are. There are many free and commercial certificate authorities. Some companies use an internal certificate authority.
If you use a certificate that is not validated by a CA, it is called a self-signed certificate. Self-signed certificates are used when identity verification is not required, such as for internal communications or product testing.
To implement SSL or TLS over FTP or HTTP when using a CA, you need to acquire the CA root certificate from the trading partner, and you must make it available to Secure Proxy. You must also make your private key and certificate available to Secure Proxy.
To implement SSL or TLS over FTP or HTTP using self-signed certificates, provide your certificates to your trading partner. Also, acquire your trading partner certificates and make them available to Secure Proxy. You must also make your private key available to Secure Proxy.
Public certificates and CA root certificates must be in base 64 or DER format. Private keys, accompanied by their matching public certificates, must be contained in a base 64 key certificate or a PKCS12 file.
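A pre-import format check for the rules above, as an added example that is not part of the product documentation or of Secure Proxy itself. It assumes "base 64" means PEM-armored text and that a key certificate is a PEM file holding both a private key block and a certificate block. The file names and sample bytes are constructed stubs, and the check does not verify that a key matches its certificate.

```python
import re

PEM_LABEL = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")

def first_inner(der):
    """Return the bytes just inside the outer DER SEQUENCE, or None."""
    if len(der) < 2 or der[0] != 0x30:      # 0x30 = SEQUENCE tag
        return None
    if der[1] < 0x80:                       # short-form length
        return der[2:]
    n = der[1] & 0x7F                       # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return None
    return der[2 + n:]

def classify(data):
    """Name the format of a file's bytes, or say why it is rejected."""
    labels = [m.decode() for m in PEM_LABEL.findall(data)]
    if labels:
        has_cert = "CERTIFICATE" in labels
        has_key = any(label.endswith("PRIVATE KEY") for label in labels)
        if has_cert and has_key:
            return "base64 key certificate"
        if has_cert:
            return "base64 certificate"
        if has_key:
            return "rejected: private key without its certificate"
        return "rejected: unexpected PEM block"
    inner = first_inner(data)
    if inner is None:
        return "rejected: neither base64 nor DER"
    if inner[:3] == b"\x02\x01\x03":        # PKCS12 PFX starts with version INTEGER 3
        return "PKCS12"
    if inner[:1] == b"\x30":                # X.509 starts with the tbsCertificate SEQUENCE
        return "DER certificate"
    return "rejected: DER, but not a certificate or PKCS12"

# Constructed stubs (hypothetical file names): correct framing only, placeholder bodies.
PEM_CERT = b"-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n"
PEM_KEY = b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nPLACEHOLDER\n-----END ENCRYPTED PRIVATE KEY-----\n"
SAMPLES = {
    "ca_root.pem": PEM_CERT,
    "keycert.pem": PEM_KEY + PEM_CERT,
    "key_only.pem": PEM_KEY,
    "partner.der": b"\x30\x82\x01\x0a\x30\x82\x00\xf2",
    "keystore.p12": b"\x30\x82\x09\x00\x02\x01\x03\x30",
    "bare_key.der": b"\x30\x82\x04\xbd\x02\x01\x00",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name}: {classify(blob)}")
```

A private key on its own, whether PEM or DER, is rejected here because the page requires it to travel with its matching certificate.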
Certificate Implementation Models Using Secure Proxy
There are several models for using certificates and implementing them in Secure Proxy.