How to Install a trusted certificate onto a FileZilla FTP server to enable FTPS (FTP over TLS)


I was recently helping troubleshoot an issue, and as part of that I needed to get a 50GB SQL database transferred from an interstate client onto our servers. Both the client and we have a decent Internet connection and we already had an FTP server in place, but I was worried about the sensitive nature of the material we were transferring, so I set about enabling FTP over TLS on our FileZilla FTP Server using our public CA digital certificate. The process took a little fiddling and I’ll outline it now. One thing I would highly recommend is re-exporting this certificate with a different private key than what you would normally use, as FileZilla unfortunately stores it in plain text.


Firstly, you will need the OpenSSL Windows binaries (available here). Once downloaded, extract them to a handy place like c:\openssl and copy across your certificate in PKCS#12 .pfx format (which is the default format of our certificate). So we have the .pfx inside c:\openssl. Now that we are ready, open an administrative command prompt and CD into C:\OpenSSL (handy tip: in Windows Explorer, when you are in a folder you want to open a CMD prompt in, just type CMD into the address bar and hit Enter). There are two commands we will use with OpenSSL to convert and strip out what we need.

openssl pkcs12 -in <your.pfx>  -nocerts -nodes -passin pass:<yourpass> | openssl rsa -out <output.pem>

and

openssl pkcs12 -in <your.pfx> -clcerts -nokeys -passin pass:<yourpass> -out <output.crt>

Once you have that, open both of them up in Notepad (or Notepad++). You will want to copy the certificate extracted by command two into the file containing the RSA key we extracted in command one. Once we have that, save the file as <yourcertnamehere>.crt. Open up the FileZilla Server manager and go into Settings. Under the FTP over TLS Settings page, select the certificate we created earlier, enter the private key for the certificate and click OK. Now I’d recommend using WinSCP to connect, as it trusts certificates already in the Windows Trusted Root CAs store (FileZilla will always prompt to trust).
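
The conversion steps above as one PowerShell script, with the PFX password passed through an environment variable rather than the command line, a check that the key and certificate actually match, and a restricted ACL on the unencrypted key files. This is an added example, not part of the original post; the openssl.exe path, the file names, the PFX_PASS variable and the assumption that FileZilla Server runs as SYSTEM are all assumptions.

```powershell
# Added example. Paths, the PFX_PASS variable name and the SYSTEM service
# account are assumptions; adjust them to your installation.
$openssl  = 'C:\openssl\openssl.exe'
$pfx      = 'C:\openssl\your.pfx'
$keyFile  = 'C:\openssl\output.pem'            # unencrypted RSA key (command one)
$crtFile  = 'C:\openssl\output.crt'            # certificate (command two)
$combined = 'C:\openssl\yourcertnamehere.crt'  # file FileZilla Server will load

# Prompt for the PFX password and pass it via -passin env: so it does not
# appear on the command line or in shell history.
$secure = Read-Host 'PFX password' -AsSecureString
$env:PFX_PASS = [System.Net.NetworkCredential]::new('', $secure).Password
try {
    # Command one: extract the key and rewrite it as a plain RSA key.
    & $openssl pkcs12 -in $pfx -nocerts -nodes -passin env:PFX_PASS |
        & $openssl rsa -out $keyFile
    if ($LASTEXITCODE -ne 0) { throw 'Private key extraction failed.' }

    # Command two: extract the client (leaf) certificate without keys.
    & $openssl pkcs12 -in $pfx -clcerts -nokeys -passin env:PFX_PASS -out $crtFile
    if ($LASTEXITCODE -ne 0) { throw 'Certificate extraction failed.' }
}
finally {
    Remove-Item Env:PFX_PASS   # do not leave the password in the session
}

# The key and the certificate must carry the same public key.
$pubFromKey = (& $openssl rsa  -in $keyFile -pubout) -join "`n"
$pubFromCrt = (& $openssl x509 -in $crtFile -noout -pubkey) -join "`n"
if (-not $pubFromKey -or $pubFromKey -ne $pubFromCrt) {
    throw 'Private key does not match the certificate.'
}

# Combine key and certificate into the single file described above.
Get-Content $keyFile, $crtFile | Set-Content $combined -Encoding Ascii

# The key is stored unencrypted, so strip inherited ACLs and allow only
# SYSTEM (assumed service account) and Administrators to read it.
foreach ($f in $keyFile, $combined) {
    & icacls $f /inheritance:r /grant:r 'SYSTEM:(R)' 'Administrators:(F)' | Out-Null
}
```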

 

