FileZilla Server: Implicit SSL part 1

MPG UniCenter

MPG UniCenter

Uniform Server 3.5-Apollo
FileZilla Server.

Implicit SSL

Due to the number of steps required setting up a secure FTP server is relatively difficult because of this I have split this over two pages. The procedure is incremental first create a server certificate ensure it runs on a local network and finally configure for Internet access.

Top

Server certificate

FileZilla has a built in certificate generator making this process very easy.

Enable SSL support:

  1. Start the server by double clicking on filezila_start.bat
  2. Start the administration interface, double click on filezilla_admin.bat
  3. Select Edit > Settings
  4. From the left menu clcik on SSL/TLS settings A)
  5. Check Enable SSL/TSL support B)
  6. Default Allow explicit SSL/TLS on normal connections C)
  7. Checks Force explicit SSL/TLS D)
  8. Default Listen for SSL/TLS –only connections on port 990 E)
  9. Click Generate new certificate F)

Note: No need to fill in Private key or Certificate files or Key password boxes.

 

Fill in certificate details:

  1. Seclect Key size 4096bit G)
  2. Insert 2-Digit country code H)
  3. Fill in some real or dummy information a)-f)
  4. Fill in Common name I) Use localhost or your real domain name
  5. Use browse J) and navigate to folder *\udrive\filezilla_server
    this is where the certificate will be saved.
  6. Click Generate certificate K) this will take a while.
  7. When complete click OK L)

 

Enable user to use SSL:

  1. From admin select Edit > Users
  2. Select a user account M)
  3. Check Bypass N)
  4. Check Force SSL for user login O)
  5. Click OK P)
  6. Restart server

 

Top

Client

I am assuming your are using FireFox and FireFTP

  1. Enter a host R) either use IP address 127.0.0.1 or host name localhost
  2. Enter an Account name Q) Can be anything you like.
  3. Enter login name S) e.g fred (ftp user name)
  4. Enter password T) for fred (ftp user account password)
  5. Click on Connection tab U)
  6. From the drop down menu V) select Implicit SSL (Good)
  7. Check the port number 990 is set W)
  8. Finally click OK X)


Local test:

From FireFTP click the Connect button enter name an password.

Your browser will have a whinge, create a certificate exception.

FTP folder will display.


Local network test:

On another PC connected to your network repeat the above steps 1-11.

Note: At step 1 enter your PC’s IP address. (See previous page how to obtain IP address)

That confirms you can access the FTP server across your network.

   

Top

Problems encountered

Occasionally I noticed on a working system it would fail after creating a new certificate.

I am not sure why an alternative is to use the key and certificate generator from SSL mini-server and copy the key and certificate to folder \udrive\filezilla_server.

Remember to set the paths to Private key file and Certificate file use the browse buttons see first image above.

Note: No need to enter a Key Password. Top

Summary

The above provides a secure link to your FTP server. If you are running a wireless network, data can be intercepted by sniffing the radio signals. Should your basic wireless security be compromised the FTP encryption will provide another hurdle making it more difficult for that data to be accessed.

You do need the above security when FTPing data across the Internet. Before proceeding to the final part make sure you can securely FTP locally.

Top


  Ric