How to Install a trusted certificate onto a FileZilla FTP server to enable FTPS (FTP over TLS)

I was recently helping troubleshoot an issue, and as part of that I needed to get a 50GB SQL Database transferred from an interstate client onto our servers. Both the client and we have a decent Internet connection and we already had an FTP server in place, but I was worried about the sensitive nature of the material we were transferring, so I set about enabling FTP over TLS on our FileZilla FTP Server using our Public CA Digital Certificate. The process took a little fiddling and I'll outline it now. One thing I would highly recommend is re-exporting this Certificate with a different private key than what you would normally use, as FileZilla unfortunately stores it in plain text.

Firstly, you will need the OpenSSL Windows binaries (available here). Once downloaded, extract them to a handy place like c:\openssl and copy across your Certificate in PKCS#12 .pfx format (which is the default format of our certificate). So we have .pfx inside c:\openssl. Now that we are ready, open an administrative command prompt and CD into C:\OpenSSL (handy tip: in Windows Explorer, when you are in a folder you want to open a CMD prompt in, just type CMD into the address bar and hit Enter). There are two commands we will use with OpenSSL to convert the certificate and strip out what we need.

openssl pkcs12 -in <your.pfx>  -nocerts -nodes -passin pass:<yourpass> | openssl rsa -out <output.pem>

and

openssl pkcs12 -in <your.pfx> -clcerts -nokeys -passin pass:<yourpass> -out <output.crt>

Once you have that, open both of them up in Notepad (or Notepad++). You will want to copy the Certificate extract from command two into the RSA Key we extracted in command one. Once you have done that, save the file as <yourcertnamehere>.crt. Open up FileZilla Server manager and go into Settings. Under the FTP over TLS Settings page, select the Certificate we created earlier, enter the Private Key for the Certificate and click OK. Now I'd recommend using WinSCP to connect, as it trusts certificates already in the Windows Trusted Root CAs Store (FileZilla will always prompt to trust).
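The copy-and-paste step above can also be scripted. The following Python sketch is an added example, not part of the original post: it keeps only the PEM blocks from the two OpenSSL outputs (dropping the "Bag Attributes" text that openssl pkcs12 writes ahead of the certificate), checks that each block decodes, and reports whether the private key in the combined file is unencrypted. The function names and the sample data are assumptions made for illustration.

```python
import base64
import re

# One PEM block; group 1 is the label, group 2 the body between the markers.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)
LEGACY_ENC = "Proc-Type: 4,ENCRYPTED"  # header of a passphrase-protected RSA key

def pem_blocks(text, wanted):
    """Return [(label, body)] for blocks whose label ends with `wanted`."""
    return [m.groups() for m in PEM_BLOCK.finditer(text)
            if m.group(1).endswith(wanted)]

def der_of(body):
    """Decode a PEM body, skipping header lines such as 'Proc-Type: ...'."""
    b64 = "".join(ln.strip() for ln in body.splitlines() if ":" not in ln)
    return base64.b64decode(b64, validate=True)

def build_combined(key_text, cert_text):
    """Return (combined_pem, key_is_plaintext) from the two openssl outputs."""
    keys = pem_blocks(key_text, "PRIVATE KEY")
    certs = pem_blocks(cert_text, "CERTIFICATE")
    if len(keys) != 1 or not certs:
        raise ValueError("expected one private key and at least one certificate")
    for label, body in keys + certs:
        # A legacy-encrypted body is ciphertext; everything else is a DER SEQUENCE.
        if LEGACY_ENC not in body and der_of(body)[:1] != b"\x30":
            raise ValueError(f"{label} block is not base64-encoded DER")
    label, body = keys[0]
    plaintext = label != "ENCRYPTED PRIVATE KEY" and LEGACY_ENC not in body
    combined = "".join(f"-----BEGIN {l}-----\n{b.strip()}\n-----END {l}-----\n"
                       for l, b in keys + certs)
    return combined, plaintext

# Constructed sample input: placeholder DER bytes, not a real key or certificate.
_B64 = base64.b64encode(b"\x30\x03\x02\x01\x00").decode()
SAMPLE_KEY = f"-----BEGIN RSA PRIVATE KEY-----\n{_B64}\n-----END RSA PRIVATE KEY-----\n"
SAMPLE_CERT = ("Bag Attributes\n    localKeyID: 01 00 00 00\n"
               "subject=/CN=ftp.example.test\nissuer=/CN=Example Test CA\n"
               f"-----BEGIN CERTIFICATE-----\n{_B64}\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    pem, plaintext = build_combined(SAMPLE_KEY, SAMPLE_CERT)
    print(pem, "private key stored unencrypted:", plaintext)
```

When the second return value is True, the combined file holds an unprotected private key, so limit its file permissions to the account that runs the FTP service.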

 

Short blog hiatus…

So you may see that I haven’t been blogging lately. The reason being that I have a new job (focusing on Systems Engineering/Admin, Network Admin as well as IT Super Hero), so I’ve been mainly focusing on that and getting up to speed.  Now that I’ve settled in I will be back at it writing up on my adventures in the world of IT.  Expect more soon.

Visio Shape packs for HP, Aruba, IBM and Other Vendors and Products, great for use in technical documentation

Just a quick one today.  I was in the middle of documenting some of our storage and server setups and wanted some more accurate shapes for our HP Storage arrays and Servers and stumbled upon Visiocafe who have a treasure trove of shapes for Visio 2003, 2007 and 2010. I’ve been using the HP ones and can I tell you that they are VERY accurate. If you are after HP Shapes (for networking, storage, SANs and Servers) visit http://www.visiocafe.ca/hp.htm