Having recently spoken to a number of existing customers about recent functionality added to StingRay it appears that many are unaware of the ability to configure StingRay to allow for secure file transfer using the HTTPS protocol.

HTTPS has been an option in StingRay since April 2010 but with the increased awareness around data security we’re finding more StingRay users want to ensure that they are able to comply with, for example, the Data Protection Act and also PCI DSS.

HTTPS provides for a secure encrypted tunnel for the transfer of data ensuring that sensitive data can be transferred over the Internet without the risk of being intercepted which isn’t the case when using standard unsecured protocols such as FTP or HTTP.

HTTPS file transfer using Hermstedt StingRay

If you would like to set up HTTPS on your StingRay our support department will be willing to assist. Please click here to find out the process in our FAQ and then contact Support using the normal contact details.

Bookmark It

Hide Sites

Since we released version 2.6 of StingRay file transfer server we’ve had a great uptake in those customers wanting to provide additional security for their customers when sending/receiving files, i.e. using HTTPS via a web browser.

Given that understanding SSL Certificates and the differences between self assigned and those purchased from a reputable supplier isn’t necessarily straight forward, I thought I’d provide you with a brief outline here.

Filling in the site information page as instructed in the ‘New Features in 2.6 Guide‘ will enable your StingRay to generate a Self Assigned SSL Certificate.  This certificate will provide you and your users with the ability to use SSL to upload and download files via a web browser.  You’ll also need to switch on HTTPS in the Network Configuration page under Web Access otherwise the StingRay will continue to use standard HTTP.

Now that you have SSL enabled you’ll be able to securely share files, but there is one major drawback with Self Assigned certificates - recent web browsers don’t trust them and flag it up to the user, in some annoying cases too often.

Internet Explorer doesn't like self assigned SSL Certificates

Obviously when providing a solution for your customers, staff, branch offices etc to send you files you don’t want any barriers in the way or more to the point to look like you don’t know what you’re doing.  In this case you’ll need to purchase an SSL certificate.  StingRay’s external web interface runs on Apache Server so we’d recommend if you want to purchase a certificate you do so from one of these preferred SSL Certificate suppliers.

Once you have this certificate you’ll need to contact us to assist you with uploading it into your server as there currently isn’t an option to upload your own through the web interface.  As a maintenance customer you’ll get this service free of charge - for other customers this will be provided as part of your 2.6 upgrade.

Whilst we’re on the point of creating the certificates its worth pointing out that you’ll need to register it to a host name.  Many people set up host names (or A records) for their StingRay as people better understand and remember names than IP addresses, for example our StingRay is accessible by both http://217.36.243.171 and http://stingray.pro2col.com but the later is much easier to remember.

You can pretty much use whatever host name you want but we generally recommend using stingray.domain.com.  Its really important to make sure that when you’re doing this you DON’T use the host name ftp.domain.com as this will cause most web browsers to think that you want to use FTP and result in the web browser doing something like this below, rather than presenting a nice graphical interface for you to transfer files.

FTP protocol through a web browser

I hope this helps you to understand a little better how to get the best out of your StingRay.  If you’ve got any questions make sure you give our sales or support teams a call on +44 (0) 333 123 1240.

Bookmark It

Hide Sites