IIS 7 FTP over SSL

rodney.buike — Mon, 27 Oct 2008 16:10:00 GMT

One of the new and long awaited features in IIS 7 is support for FTPS or FTP over SSL. By default all FTP data is transfered in clear text, including the user name and password. From a security point of view you can see this is a bad thing. FTPS to the rescue! Before you begin you will need to download and install FTP for IIS7 and you can do so here:

The first step is to create the certificate. You have two options, create a certificate request to process with a 3rd party SSL cert provider and then complete the request by importing the supplied cert, or creating a self signed certificate. For production systems ALWAYS use a 3rd party cert from a trusted root. For this setup we will use a self signed certificate so we will start by creating one.

Click on Create Self Signed Certificate called My FTP Certificate…

Next click on Default Web Site and then double click on FTP SSL Settings. Select your SSL certificate from the list and then choose Allow SSL Connections. Click Apply and we are almost done!

We can test it out by connecting to the FTP server with the following command:

ftps localhost

If all goes well we will be connected. Now we enable SSL with the following command:

SSL on (enter)

bye (enter)

You will be disconnected but you can see that SSL for Commands and SSL for Data is set to on.

Now that SSL is enabled we have the option to force it by choosing Require SSL Connections.

Again click apply and if we try and login with:

ftp localhost

We will see the error message that the “SSL policy requires SSL for control channel”.

If you want to try this out for yourself you can via the TechNet Virtual Labs.

For more information see:

TechNet Virtual Lab: Administering the IIS 7 File Transfer Protocol (FTP) Server

The Lazy Admin : rodney.buike, IIS

IIS 7 FTP over SSL