A large bank sent us a notice for SSH/SSL Certificate Renewal
Posted: Thu Oct 04, 2018 11:55 am
Question:
We transmit files to a large bank. We receive an email stating that because we have installed Entrust_Root_Certificate and Entrust_Intermediate_Certificate on your servers prior to the October 7th renewal.
What do I need to do to make sure that my GoAnywhere project continues to transfer files to this bank?
Answer.
First, check the Protocol type of the resource used in your GoAnywhere project.
SFTP
Your connection to the bank is using SSH Keys, NOT SSL certificates.
If you connect to the bank using an SFTP Resource, you do NOT need to do anything.
Your SFTP connection DOES NOT use the expiring SSL Certificates & will continue to work.
FTPS
Your connection to the bank authenticates using SSL Certificates. The certificate used by the bank is signed by Entrust and it is expiring. The new root and intermediate certificates should be imported into your Default Trusted Certificate Key Store. Do Not overwrite the existing certificates. If they exist, give them a different “alias” name.
If you have questions on what protocol you are using with the bank, please contact your Service Representative (at JPMC) as it states in the email.
For production issues after the renewal, please contact the bank at the phone number listed in their email.
**Refer to your on-line help for version specific information to import SSL certificates.
Import Certificate
GoAnywhere supports importing DER or PEM encoded certificates and files that contain multiple certificates. When a file contains multiple certificates (not a private key or CA reply), each certificate is imported individually. The alias name for the second and subsequent certificates will be appended with a sequential number. Import certificate(s) by following the steps below:
1. Log in as an Admin User with a Key Manager role.
2. From the main menu, select Encryption > File Based Keys, and then click the Certificates link.
3. Click the Open Key Store button and choose the Key Store to open.
4. In the File Based Certificates page, click the Import link in the toolbar and then click Certificate.
5. On the Import Certificate page, click to select the location where the certificate file is located.
6. In the Input File box, type the location for the file or click the Browse button to browse for the file.
7. Type an alias name to assign to the certificate. The name must not already exist in the Key Store.
8. Click the Import button to import the certificate.
If the import is successful, the certificate will load into the Key Store and will be listed on the page.
Import From
The certificate can be imported either from a file on the end user’s PC or from a file on the GoAnywhere server.
Input File
The Input File is the file containing the certificate. Click the Browse button to navigate to the file.
Alias
The Alias name is used to identify the certificate after a successful import.
We transmit files to a large bank. We receive an email stating that because we have installed Entrust_Root_Certificate and Entrust_Intermediate_Certificate on your servers prior to the October 7th renewal.
What do I need to do to make sure that my GoAnywhere project continues to transfer files to this bank?
Answer.
First, check the Protocol type of the resource used in your GoAnywhere project.
SFTP
Your connection to the bank is using SSH Keys, NOT SSL certificates.
If you connect to the bank using an SFTP Resource, you do NOT need to do anything.
Your SFTP connection DOES NOT use the expiring SSL Certificates & will continue to work.
FTPS
Your connection to the bank authenticates using SSL Certificates. The certificate used by the bank is signed by Entrust and it is expiring. The new root and intermediate certificates should be imported into your Default Trusted Certificate Key Store. Do Not overwrite the existing certificates. If they exist, give them a different “alias” name.
If you have questions on what protocol you are using with the bank, please contact your Service Representative (at JPMC) as it states in the email.
For production issues after the renewal, please contact the bank at the phone number listed in their email.
**Refer to your on-line help for version specific information to import SSL certificates.
Import Certificate
GoAnywhere supports importing DER or PEM encoded certificates and files that contain multiple certificates. When a file contains multiple certificates (not a private key or CA reply), each certificate is imported individually. The alias name for the second and subsequent certificates will be appended with a sequential number. Import certificate(s) by following the steps below:
1. Log in as an Admin User with a Key Manager role.
2. From the main menu, select Encryption > File Based Keys, and then click the Certificates link.
3. Click the Open Key Store button and choose the Key Store to open.
4. In the File Based Certificates page, click the Import link in the toolbar and then click Certificate.
5. On the Import Certificate page, click to select the location where the certificate file is located.
6. In the Input File box, type the location for the file or click the Browse button to browse for the file.
7. Type an alias name to assign to the certificate. The name must not already exist in the Key Store.
8. Click the Import button to import the certificate.
If the import is successful, the certificate will load into the Key Store and will be listed on the page.
Import From
The certificate can be imported either from a file on the end user’s PC or from a file on the GoAnywhere server.
Input File
The Input File is the file containing the certificate. Click the Browse button to navigate to the file.
Alias
The Alias name is used to identify the certificate after a successful import.