FileZilla Server2: Implicit SSL part 1

From The Uniform Server Wiki
Uniform Server 4.1-Mona
FileZilla FTPd (Server).

Implicit SSL

The previous pages described how to install the FileZilla server on Uniform Server. With that set-up, passwords and data are sent unencrypted over the Internet. Depending on your application and use this is adequate and suitable for most purposes.

FileZilla FTPd offers a much more secure alternative, using SSL to encrypt both passwords and data. Setting up a secure FTP server takes a number of steps and is therefore relatively difficult. I have split this over two pages, making it clearer and hopefully easier to understand.

The procedure is incremental: first create a server certificate, then ensure it runs on a local network, and finally configure for Internet access.


Server certificate

FileZilla has a built-in certificate generator, making this process very easy.

I have assumed the servers are installed for portable operation; because of this, Uniform Server must be running.

Note: Only portable mode requires this restriction. More specifically, it’s the creation of a virtual drive that is required. Neither Apache nor MySQL needs to be running.

Enable SSL support

  • Navigate to folder UniServer
  • Start Uniform Server – Double click on Server_Start.bat
    Take a note of the virtual drive created (normally Z).
  1. Start FileZilla server by double clicking on fz_start.bat
  2. Start FileZilla administration interface, double click on fz_admin.bat
  3. Select Edit > Settings
  4. From the left menu click on SSL/TLS settings - A)
  5. Check Enable SSL/TLS support - B)
  6. Default Allow explicit SSL/TLS on normal connections - C)
  7. Check Force explicit SSL/TLS - D)
  8. Default Listen for SSL/TLS-only connections on port 990 - E)
  9. Click Generate new certificate - F)

Note:

  • No need to fill in Private key or Certificate files - these are added automatically after the next section.
  • No need to fill in Key password box - not required.


Fill in certificate details

Clicking Generate new certificate opens the certificate form; fill it in as follows:

  1. Select Key size 4096 bit - G)
  2. Insert 2-digit country code - H)
  3. Fill in some real or dummy information a) to f)
  4. Fill in Common name: use localhost or your real domain name - I)
  5. Click browse button - J)
    Navigate to folder Y:\filezilla_server\filezilla_server_portable
    This is where the certificate will be saved.

    Note 1: Your virtual drive letter may be different, hence use that.
    Note 2: If you are not using portable mode, choose any folder you like.
    However, it's a good idea to use folder
    *\filezilla_server\filezilla_server_portable

  6. Click Generate certificate; this will take a while. - K)
  7. When complete, click OK - L)


Enable user to use SSL

  1. From FileZilla admin select Edit > Users
  2. Select page General - left menu
  3. Select a user account - M)
  4. Check Bypass - N)
  5. Check Force SSL for user login - O)
  6. Click OK - P)
  7. Restart server

That completes the FileZilla set-up.

Note:

Although we are using a single user account, the above can be applied to other users.

You can have a mix of users, some using encryption while others do not; the choice is yours.


Client

FireFox and FireFTP

I am assuming you are using FireFox and FireFTP; these two are a great combination.

You can use your preferred client; the set-up will be similar. Check your client's manual for instructions.


Start FireFTP:

  • Start FireFTP plugin: Tools > FireFTP
Main Tab
  1. Select Main tab
  2. Enter a host: either use IP address 127.0.0.1 or host name localhost - R)
  3. Enter an Account name; this can be anything you like. - Q)
  4. Enter login name, e.g. fred (ftp user name) - S)
  5. Enter password for fred, fred123 (ftp user account password) - T)


Connection Tab
  1. Click on Connection tab - U)
  2. From the drop-down menu select Implicit SSL (Good) - V)
  3. Check that the port number 990 is set - W)
  4. Finally click OK - X)


Local test

From FireFTP click the Connect button and enter name and password.

Your browser will have a whinge; create a certificate exception.

The FTP folder will display.

Local network test

On another PC connected to your network, repeat the above steps 1-9.

Note: At step 1 enter your PC’s IP address. (See the Basic Configuration 1 page for how to obtain the IP address.)

That confirms you can access the FTP server across your network.
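
A scripted version of the connection test above, as an added example that is not part of the original wiki page: it connects to port 990, expects TLS before any FTP greeting (implicit SSL), and compares the server certificate's SHA-256 fingerprint with a pinned value rather than accepting whatever certificate is presented. The function names and the placeholder pin are assumptions; the pin must be the fingerprint of the certificate generated at step F), read from the server itself.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 of the DER-encoded certificate as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def matches_pin(der: bytes, pinned: str) -> bool:
    """Compare with a pin written as hex, with or without colons/spaces."""
    want = pinned.replace(":", "").replace(" ", "").lower()
    return hmac.compare_digest(fingerprint(der), want)


def probe(host: str, pinned: str, port: int = 990, timeout: float = 5.0) -> dict:
    """Open an implicit FTPS session: TLS handshake first, FTP greeting second."""
    # The certificate is self-signed, so chain and hostname checks are off
    # and trust rests on the pinned fingerprint instead.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw) as tls:
                der = tls.getpeercert(binary_form=True)
                if not matches_pin(der, pinned):
                    # Stop here: no credentials are sent to an unknown peer.
                    return {"ok": False, "reason": "fingerprint mismatch",
                            "seen": fingerprint(der)}
                greeting = tls.recv(512).decode("ascii", "replace").strip()
                return {"ok": greeting.startswith("220"), "reason": greeting,
                        "seen": fingerprint(der), "tls": tls.version()}
    except OSError as exc:  # covers ssl.SSLError, refused connection, timeout
        # A listener that speaks plain FTP on this port ends up here,
        # because it never completes a TLS handshake.
        return {"ok": False, "reason": f"{type(exc).__name__}: {exc}",
                "seen": None}


if __name__ == "__main__":
    # Constructed placeholder pin; replace it with the real fingerprint.
    PIN = "00" * 32
    print(probe("127.0.0.1", PIN))
```

For the local network test, pass the server PC's IP address as `host`; the pin stays the same because the certificate is the same.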



Summary

The above provides a secure link to your FTP server. If you are running a wireless network, data can be intercepted by sniffing the radio signals.

Should your basic wireless security be compromised, the FTP encryption will provide another hurdle, making it more difficult for that data to be accessed.

You do need the above security when FTPing data across the Internet. Before proceeding to the final part make sure you can securely FTP locally.
