Differences

This shows you the differences between the selected revisions of the page.

guide_windows_ftps_server 2023-02-06		guide_windows_ftps_server 2025-01-30 (current)
	Line 66:		Line 66:
	===== [[opening_iis_manager]] Opening IIS Manager =====		===== [[opening_iis_manager]] Opening IIS Manager =====

-	* Go to //Control Panel > System and Security > Administrative Tools// (//Windows Tools// on Windows 11) and open //Internet Information Services (%%IIS%%) Manager//. &wincp	+	* Go to //Control Panel > System and Security > Windows Tools// (//Administrative Tools// on Windows 10 and older) and open //Internet Information Services (%%IIS%%) Manager//. &wincp &win10
	* Navigate to your Windows server node.		* Navigate to your Windows server node.

	&screenshotpict(iis_manager)		&screenshotpict(iis_manager)

-	-----BEGIN CERTIFICATE REQUEST-----	+	===== [[certificate]] Creating Certificate for the FTPS Server =====
-	MIIBHTCBwwIBADBhMRQwEgYDVQQDDAtwb3Rob2YuaW5mbzEWMBQGA1UECAwNTm9v	+
-	cmQtQnJhYmFudDEOMAwGA1UEBwwFQnJlZGExCzAJBgNVBAYTAk5MMRQwEgYDVQQK	+
-	DAtwb3Rob2YuaW5mbzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDep4Shgrvkn	+
-	RzutII59KSdiFWx6ozSMOI/5UCcOyDx2TtQB1rKqVLY0LU422/gK90bR0rvgI6Us	+
-	EI6qyj0vACGgADAKBggqhkjOPQQDAgNJADBGAiEA2aFl2GeBQuaHwZczvS1k31Zq	+
-	83U6c4iVOEEuTqo2OFwCIQDJ/qLeaoI2QslP91EdEN/2QQWC4zSRj/5UTdxL+FVZ	+
-	uQ==	+
-	-----END CERTIFICATE REQUEST-----	+

-	-----BEGIN EC PARAMETERS-----	+	You need a TLS/SSL certificate to secure your FTP server. Ideally, you should acquire the certificate from a certificate authority.
-	BggqhkjOPQMBBw==	+
-	-----END EC PARAMETERS-----	+
-	-----BEGIN EC PRIVATE KEY-----	+
-	MHcCAQEEIISAMem9XJldQzmdzzAZZff5u4LCWm/svzo1EtZi9RvpoAoGCCqGSM49	+
-	AwEHoUQDQgAEN6nhKGCu+SdHO60gjn0pJ2IVbHqjNIw4j/lQJw7IPHZO1AHWsqpU	+
-	tjQtTjbb+Ar3RtHSu+AjpSwQjqrKPS8AIQ==	+
-	-----END EC PRIVATE KEY-----	+

-	-----BEGIN CERTIFICATE-----	+	You may also create a self-signed certificate locally, but in such case users of your FTPS server [[tls#certificate\|will be warned]], when connecting to the server.
-	MIIEpTCCBEugAwIBAgIQTbvjnlUB1+S4n5Ilph3EbzAKBggqhkjOPQQDAjCBjzEL	+
-	MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE	+	To create the self-signed certificate:
-	BxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5T	+
-	ZWN0aWdvIEVDQyBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMB4X	+	··* In //%%IIS%% Manager//, open //%%IIS%% > Server Certificates//.
-	DTIzMDIwMjAwMDAwMFoXDTI0MDIwMzIzNTk1OVowFjEUMBIGA1UEAxMLcG90aG9m	+	··* Click on //Create Self-Signed Certificate// action.
-	LmluZm8wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ3qeEoYK75J0c7rSCOfSkn	+	··* Specify a certificate name (e.g. "%%FTP%% Server") and submit with //OK//.
-	YhVseqM0jDiP+VAnDsg8dk7UAdayqlS2NC1ONtv4CvdG0dK74COlLBCOqso9LwAh	+
-	o4IC/zCCAvswHwYDVR0jBBgwFoAU9oUKOxGG4QR9DqoLLNLuzGR7e64wHQYDVR0O	+	&screenshotpict(iis_certificates)
-	BBYEFGMSvLF4v5a5pt+3JaeBpWYdlPyBMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMB	+
-	Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBJBgNVHSAEQjBA	+	Self-signed certificates created by old versions of %%IIS%% Manager do not work with %%FTPS%% clients that check for key usage violations.((E.g. clients that use GnuTLS, like FileZilla, do not accept certificates created by IIS on Windows 10 and Windows Server 2019 and older.)) To create a certificate with a correct key usage, use ''[[ps>pki/new-selfsignedcertificate\|New-SelfSignedCertificate]]'' PowerShell as an Administrator:
-	MDQGCysGAQQBsjEBAgIHMCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8vc2VjdGlnby5j	+
-	b20vQ1BTMAgGBmeBDAECATCBhAYIKwYBBQUHAQEEeDB2ME8GCCsGAQUFBzAChkNo	+	<code powershell>;
-	dHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29FQ0NEb21haW5WYWxpZGF0aW9u	+	New-SelfSignedCertificate -FriendlyName "FTP Server" -CertStoreLocation cert:\localmachine\my -DnsName ftp.example.com
-	U2VjdXJlU2VydmVyQ0EuY3J0MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0	+	</code>
-	aWdvLmNvbTAnBgNVHREEIDAeggtwb3Rob2YuaW5mb4IPd3d3LnBvdGhvZi5pbmZv	+
-	MIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdgB2/4g/Crb7lVHCYcz1h7o0tKTN	+
-	uyncaEIKn+ZnTFo6dAAAAYYTZeOmAAAEAwBHMEUCIFtdMQuMBz7pLssZRGkzamic	+
-	PFZ1iip09Na2RawuWevQAiEAikWqll0lFRb/OSUaMMGXiS3Vb5qQhckkHDOvj507	+
-	9K4AdgDatr9rP7W2Ip+bwrtca+hwkXFsu1GEhTS9pD0wSNf7qwAAAYYTZeO+AAAE	+
-	AwBHMEUCICGN6sta0tnRoSsq0fc1UoHTD+j/SiMYcnkZSsmxoNw4AiEAi+utFkV4	+
-	ta7yRoTr5M7Xl/px/hOp143TJR0f4q9qnCQAdwDuzdBk1dsazsVct520zROiModG	+
-	fLzs3sNRSFlGcR+1mwAAAYYTZeOOAAAEAwBIMEYCIQDUS4NVTVbyLfJQlUL/ov18	+
-	9wFsUpjKRUo2hqVN4t2SpwIhANxGQBVMpcQkkpjuNSj5/ut7cmw6M0RwuA6jUrDZ	+
-	X8sHMAoGCCqGSM49BAMCA0gAMEUCIQCg16qjQc2DwHDq0GMCtfaENMHpRhbRfhs7	+
-	fVT6JzlbxQIgDdJJlG7PoJofaVuWCeG6SxMcFa7BRiQaz8D2ccNfweg=	+
-	-----END CERTIFICATE-----	+

	===== [[firewall]] Servers behind external Firewall/NAT =====		===== [[firewall]] Servers behind external Firewall/NAT =====
	Line 143:		Line 116:
	While the internal Windows firewall is automatically configured to open FTP ports when %%FTP%% server is installed, this change does not seem to apply, until %%FTP%% service is restarted. The same is true for changing data channel port range.		While the internal Windows firewall is automatically configured to open FTP ports when %%FTP%% server is installed, this change does not seem to apply, until %%FTP%% service is restarted. The same is true for changing data channel port range.

-	To restart %%FTP%% service go to //Control Panel > System and Security > Administrative Tools// (//Windows Tools// on Windows 11) &win11 and open //Services//. Locate //Microsoft %%FTP%% Service// and click //Restart service//.((Try restarting whole system, if a service restart does not help.)) &wincp	+	To restart %%FTP%% service go to //Control Panel > System and Security > Windows Tools// (//Administrative Tools// on Windows 10 and older) &win10 and open //Services//. Locate //Microsoft %%FTP%% Service// and click //Restart service//.((Try restarting whole system, if a service restart does not help.)) &wincp

	===== Adding FTP Site =====		===== Adding FTP Site =====

Differences

Documentation

Support

Associations

Follow Us