Differences
This shows you the differences between the selected revisions of the page.
| 2023-01-09 | 2023-02-06 | ||
| no summary (212.117.127.147) (hidden) (untrusted) | no summary (163.158.160.246) (hidden) (untrusted) | ||
| Line 71: | Line 71: | ||
| &screenshotpict(iis_manager) | &screenshotpict(iis_manager) | ||
| - | ===== [[certificate]] Creating Certificate for the FTPS Server ===== | + | -----BEGIN CERTIFICATE REQUEST----- |
| + | MIIBHTCBwwIBADBhMRQwEgYDVQQDDAtwb3Rob2YuaW5mbzEWMBQGA1UECAwNTm9v | ||
| + | cmQtQnJhYmFudDEOMAwGA1UEBwwFQnJlZGExCzAJBgNVBAYTAk5MMRQwEgYDVQQK | ||
| + | DAtwb3Rob2YuaW5mbzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDep4Shgrvkn | ||
| + | RzutII59KSdiFWx6ozSMOI/5UCcOyDx2TtQB1rKqVLY0LU422/gK90bR0rvgI6Us | ||
| + | EI6qyj0vACGgADAKBggqhkjOPQQDAgNJADBGAiEA2aFl2GeBQuaHwZczvS1k31Zq | ||
| + | 83U6c4iVOEEuTqo2OFwCIQDJ/qLeaoI2QslP91EdEN/2QQWC4zSRj/5UTdxL+FVZ | ||
| + | uQ== | ||
| + | -----END CERTIFICATE REQUEST----- | ||
| - | You need a TLS/SSL certificate to secure your FTP server. Ideally, you should acquire the certificate from a certificate authority. | + | -----BEGIN EC PARAMETERS----- |
| + | BggqhkjOPQMBBw== | ||
| + | -----END EC PARAMETERS----- | ||
| + | -----BEGIN EC PRIVATE KEY----- | ||
| + | MHcCAQEEIISAMem9XJldQzmdzzAZZff5u4LCWm/svzo1EtZi9RvpoAoGCCqGSM49 | ||
| + | AwEHoUQDQgAEN6nhKGCu+SdHO60gjn0pJ2IVbHqjNIw4j/lQJw7IPHZO1AHWsqpU | ||
| + | tjQtTjbb+Ar3RtHSu+AjpSwQjqrKPS8AIQ== | ||
| + | -----END EC PRIVATE KEY----- | ||
| - | You may also create a self-signed certificate locally, but in such case users of your FTPS server [[tls#certificate|will be warned]], when connecting to the server. | + | -----BEGIN CERTIFICATE----- |
| - | + | MIIEpTCCBEugAwIBAgIQTbvjnlUB1+S4n5Ilph3EbzAKBggqhkjOPQQDAjCBjzEL | |
| - | To create the self-signed certificate: | + | MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE |
| - | + | BxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5T | |
| - | ··* In //%%IIS%% Manager//, open //%%IIS%% > Server Certificates//. | + | ZWN0aWdvIEVDQyBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMB4X |
| - | ··* Click on //Create Self-Signed Certificate// action. | + | DTIzMDIwMjAwMDAwMFoXDTI0MDIwMzIzNTk1OVowFjEUMBIGA1UEAxMLcG90aG9m |
| - | ··* Specify a certificate name (e.g. "%%FTP%% Server") and submit with //OK//. | + | LmluZm8wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ3qeEoYK75J0c7rSCOfSkn |
| - | + | YhVseqM0jDiP+VAnDsg8dk7UAdayqlS2NC1ONtv4CvdG0dK74COlLBCOqso9LwAh | |
| - | &screenshotpict(iis_certificates) | + | o4IC/zCCAvswHwYDVR0jBBgwFoAU9oUKOxGG4QR9DqoLLNLuzGR7e64wHQYDVR0O |
| - | + | BBYEFGMSvLF4v5a5pt+3JaeBpWYdlPyBMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMB | |
| - | Self-signed certificates created by old versions of %%IIS%% Manager do not work with %%FTPS%% clients that check for key usage violations.((E.g. clients that use GnuTLS, like FileZilla, do not accept certificates created by IIS on Windows 10 and Windows Server 2019 and older.)) To create a certificate with a correct key usage, use ''[[ps>pki/new-selfsignedcertificate|New-SelfSignedCertificate]]'' PowerShell as an Administrator: | + | Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBJBgNVHSAEQjBA |
| - | + | MDQGCysGAQQBsjEBAgIHMCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8vc2VjdGlnby5j | |
| - | <code powershell>; | + | b20vQ1BTMAgGBmeBDAECATCBhAYIKwYBBQUHAQEEeDB2ME8GCCsGAQUFBzAChkNo |
| - | New-SelfSignedCertificate -FriendlyName "FTP Server" -CertStoreLocation cert:\localmachine\my -DnsName ftp.example.com | + | dHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29FQ0NEb21haW5WYWxpZGF0aW9u |
| - | </code> | + | U2VjdXJlU2VydmVyQ0EuY3J0MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0 |
| + | aWdvLmNvbTAnBgNVHREEIDAeggtwb3Rob2YuaW5mb4IPd3d3LnBvdGhvZi5pbmZv | ||
| + | MIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdgB2/4g/Crb7lVHCYcz1h7o0tKTN | ||
| + | uyncaEIKn+ZnTFo6dAAAAYYTZeOmAAAEAwBHMEUCIFtdMQuMBz7pLssZRGkzamic | ||
| + | PFZ1iip09Na2RawuWevQAiEAikWqll0lFRb/OSUaMMGXiS3Vb5qQhckkHDOvj507 | ||
| + | 9K4AdgDatr9rP7W2Ip+bwrtca+hwkXFsu1GEhTS9pD0wSNf7qwAAAYYTZeO+AAAE | ||
| + | AwBHMEUCICGN6sta0tnRoSsq0fc1UoHTD+j/SiMYcnkZSsmxoNw4AiEAi+utFkV4 | ||
| + | ta7yRoTr5M7Xl/px/hOp143TJR0f4q9qnCQAdwDuzdBk1dsazsVct520zROiModG | ||
| + | fLzs3sNRSFlGcR+1mwAAAYYTZeOOAAAEAwBIMEYCIQDUS4NVTVbyLfJQlUL/ov18 | ||
| + | 9wFsUpjKRUo2hqVN4t2SpwIhANxGQBVMpcQkkpjuNSj5/ut7cmw6M0RwuA6jUrDZ | ||
| + | X8sHMAoGCCqGSM49BAMCA0gAMEUCIQCg16qjQc2DwHDq0GMCtfaENMHpRhbRfhs7 | ||
| + | fVT6JzlbxQIgDdJJlG7PoJofaVuWCeG6SxMcFa7BRiQaz8D2ccNfweg= | ||
| + | -----END CERTIFICATE----- | ||
| ===== [[firewall]] Servers behind external Firewall/NAT ===== | ===== [[firewall]] Servers behind external Firewall/NAT ===== | ||