sFTP using commercial certificate

3

Currently we have an SFTP server, but its certificate is only self-signed. We are now required to use a valid commercial certificate.

Please help me understand what type of certificate I need to purchase, and basically how it works to validate the certificate.

Protocol using: SSH2 based SFTP only on port 22

Jigo Jigs

Posted 2015-12-04T08:57:46.040

Reputation: 33

Answers

11

None.

As you said, SFTP is SSH2-based. It is not the same as FTPS (FTP over TLS) and does not use X.509 certificates in any way. The server authentication in SSH2 is mostly based around "trust on first use", so the keys are not signed at all. However, many of the problems with self-signed certificates don't apply.

The only thing even remotely close is OpenSSH certificates, which aren't sold commercially – they were explicitly made for internal use, with each site creating its own CA. Also, only OpenSSH supports them, other SFTP clients only use basic keys or Kerberos.


That said, if you were using FTPS, it would work exactly the same way as TLS in web browsers (HTTPS) – it would use the same "TLS Server" certificate type, and the exact same validation methods (a preloaded list of "root authorities").

The only difference is that EV is usually not supported outside web browsers, so a regular organization- or domain-validated certificate would be fine.


Finally, there are some exceptions. (Just as some programmers can write Fortran in any language, some sysadmins manage to put X.509 everywhere.)

  • The US government likes to use its CAC cards for everything, and has patched X.509 PKI support even into SSH. But if that were your situation, I think you would've been given the correct certificate already, instead of having to ask on SuperUser.

  • Similarly, various distributed research computing grids also have an SSH patch (GSI-SSH) which uses X.509 PKI. They use a root authority list separate from the main OS / web browser list; it has some commercial CAs and some run by the grids themselves. They also use certificates slightly different from regular "TLS server" ones – called "Grid server" certificates by commercial CAs.

That said, I don't think any of the exceptions apply here. Most likely, whoever wrote your requirements simply doesn't know SFTP from FTPS.

user1686

Posted 2015-12-04T08:57:46.040

Reputation: 283 655

It's quite a stretch, but MAYBE someone wants to sign the files being downloaded, especially if they are code for Windows or Java; those use X.509 usually under public CAs (but internal CAs are possible). – dave_thompson_085 – 2015-12-04T13:57:10.957

Well yes, but that's a slightly different question. – user1686 – 2015-12-04T14:03:24.847
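To make the "trust on first use" point in the accepted answer concrete, here is an added example (not code from the thread or from OpenSSH) of what an SSH client actually checks when an SFTP server presents its host key: it compares the raw key blob against the entry for that host in `known_hosts`, and reports a first-time host, a matching key, or a changed key. The hostname `sftp.example.test`, the IP address, and both Ed25519 key blobs are constructed sample values; the SHA256 fingerprint format mirrors what `ssh-keygen -l` prints, and hashed hostnames and `@cert-authority` lines are deliberately left out of the parser.

```python
import base64
import hashlib
import struct


def ssh_string(data):
    """Encode bytes as an SSH wire-format string (uint32 length prefix + bytes)."""
    return struct.pack(">I", len(data)) + data


def read_ssh_string(buf, offset):
    """Decode one SSH wire-format string starting at offset; return (bytes, next_offset)."""
    (length,) = struct.unpack(">I", buf[offset:offset + 4])
    start = offset + 4
    return buf[start:start + length], start + length


def make_ed25519_blob(raw_point):
    """Build an ssh-ed25519 public key blob: string(type) || string(32-byte point).
    Only the encoding matters here; the point bytes are a constructed sample."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_point)


def key_type_from_blob(blob):
    """The key blob embeds its own type name as its first SSH string."""
    name, _ = read_ssh_string(blob, 0)
    return name.decode("ascii")


def fingerprint(blob):
    """SHA256 fingerprint in the unpadded-base64 form that ssh-keygen -l prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def parse_known_hosts(text):
    """Return [(hosts, keytype, blob)] for plain known_hosts lines.
    Comments, hashed (|1|...) hostnames and @marker lines are skipped for brevity."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("@") or line.startswith("|1|"):
            continue
        hosts, keytype, b64 = line.split()[:3]
        entries.append((hosts.split(","), keytype, base64.b64decode(b64)))
    return entries


def check_host_key(known_hosts_text, host, keytype, presented_blob):
    """Classify a presented host key the way a TOFU client does.

    'unknown'   - no key of this type recorded for host: first use, user must verify
                  the fingerprint out of band before trusting it
    'match'     - identical key already pinned: proceed
    'mismatch'  - a different key is pinned: refuse, possible interception or rekey
    'malformed' - blob's embedded type disagrees with the advertised type
    """
    if key_type_from_blob(presented_blob) != keytype:
        return "malformed"
    seen_host = False
    for hosts, ktype, blob in parse_known_hosts(known_hosts_text):
        if host not in hosts or ktype != keytype:
            continue
        seen_host = True
        if blob == presented_blob:
            return "match"
    return "mismatch" if seen_host else "unknown"


# Constructed sample data: one pinned server key and one unrelated key.
GOOD_KEY = make_ed25519_blob(bytes(range(32)))
ROGUE_KEY = make_ed25519_blob(bytes(range(32, 64)))
KNOWN_HOSTS = (
    "# constructed sample known_hosts\n"
    "sftp.example.test,192.0.2.10 ssh-ed25519 "
    + base64.b64encode(GOOD_KEY).decode("ascii")
    + "\n"
)


def demo():
    """Run the three outcomes an operator sees and return them keyed by scenario."""
    host = "sftp.example.test"
    return {
        "pinned_key": check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", GOOD_KEY),
        "changed_key": check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", ROGUE_KEY),
        "new_host": check_host_key(KNOWN_HOSTS, "other.example.test", "ssh-ed25519", GOOD_KEY),
        "fingerprint": fingerprint(GOOD_KEY),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The point the example makes is that nothing in this flow consults a certificate authority: the only thing standing between a client and a changed key is whatever is already pinned in `known_hosts`, so the "commercial certificate" requirement maps onto publishing the server's fingerprint through a trusted channel (or an internal OpenSSH CA), not onto buying anything.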