Differences
This shows you the differences between the selected revisions of the page.
2023-02-06 | 2023-02-07 (current) | ||
no summary (163.158.160.246) (hidden) (untrusted) | Restored revision 1666367909. Undoing revision 1675709335. (martin) (hidden) | ||
Line 71: | Line 71: | ||
&screenshotpict(iis_manager) | &screenshotpict(iis_manager) | ||
- | -----BEGIN CERTIFICATE REQUEST----- | + | ===== [[certificate]] Creating Certificate for the FTPS Server ===== |
- | MIIBHTCBwwIBADBhMRQwEgYDVQQDDAtwb3Rob2YuaW5mbzEWMBQGA1UECAwNTm9v | + | |
- | cmQtQnJhYmFudDEOMAwGA1UEBwwFQnJlZGExCzAJBgNVBAYTAk5MMRQwEgYDVQQK | + | |
- | DAtwb3Rob2YuaW5mbzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDep4Shgrvkn | + | |
- | RzutII59KSdiFWx6ozSMOI/5UCcOyDx2TtQB1rKqVLY0LU422/gK90bR0rvgI6Us | + | |
- | EI6qyj0vACGgADAKBggqhkjOPQQDAgNJADBGAiEA2aFl2GeBQuaHwZczvS1k31Zq | + | |
- | 83U6c4iVOEEuTqo2OFwCIQDJ/qLeaoI2QslP91EdEN/2QQWC4zSRj/5UTdxL+FVZ | + | |
- | uQ== | + | |
- | -----END CERTIFICATE REQUEST----- | + | |
- | -----BEGIN EC PARAMETERS----- | + | You need a TLS/SSL certificate to secure your FTP server. Ideally, you should acquire the certificate from a certificate authority. |
- | BggqhkjOPQMBBw== | + | |
- | -----END EC PARAMETERS----- | + | |
- | -----BEGIN EC PRIVATE KEY----- | + | |
- | MHcCAQEEIISAMem9XJldQzmdzzAZZff5u4LCWm/svzo1EtZi9RvpoAoGCCqGSM49 | + | |
- | AwEHoUQDQgAEN6nhKGCu+SdHO60gjn0pJ2IVbHqjNIw4j/lQJw7IPHZO1AHWsqpU | + | |
- | tjQtTjbb+Ar3RtHSu+AjpSwQjqrKPS8AIQ== | + | |
- | -----END EC PRIVATE KEY----- | + | |
- | -----BEGIN CERTIFICATE----- | + | You may also create a self-signed certificate locally, but in such case users of your FTPS server [[tls#certificate|will be warned]], when connecting to the server. |
- | MIIEpTCCBEugAwIBAgIQTbvjnlUB1+S4n5Ilph3EbzAKBggqhkjOPQQDAjCBjzEL | + | |
- | MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE | + | To create the self-signed certificate: |
- | BxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTcwNQYDVQQDEy5T | + | |
- | ZWN0aWdvIEVDQyBEb21haW4gVmFsaWRhdGlvbiBTZWN1cmUgU2VydmVyIENBMB4X | + | ··* In //%%IIS%% Manager//, open //%%IIS%% > Server Certificates//. |
- | DTIzMDIwMjAwMDAwMFoXDTI0MDIwMzIzNTk1OVowFjEUMBIGA1UEAxMLcG90aG9m | + | ··* Click on //Create Self-Signed Certificate// action. |
- | LmluZm8wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ3qeEoYK75J0c7rSCOfSkn | + | ··* Specify a certificate name (e.g. "%%FTP%% Server") and submit with //OK//. |
- | YhVseqM0jDiP+VAnDsg8dk7UAdayqlS2NC1ONtv4CvdG0dK74COlLBCOqso9LwAh | + | |
- | o4IC/zCCAvswHwYDVR0jBBgwFoAU9oUKOxGG4QR9DqoLLNLuzGR7e64wHQYDVR0O | + | &screenshotpict(iis_certificates) |
- | BBYEFGMSvLF4v5a5pt+3JaeBpWYdlPyBMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMB | + | |
- | Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBJBgNVHSAEQjBA | + | Self-signed certificates created by old versions of %%IIS%% Manager do not work with %%FTPS%% clients that check for key usage violations.((E.g. clients that use GnuTLS, like FileZilla, do not accept certificates created by IIS on Windows 10 and Windows Server 2019 and older.)) To create a certificate with a correct key usage, use ''[[ps>pki/new-selfsignedcertificate|New-SelfSignedCertificate]]'' PowerShell as an Administrator: |
- | MDQGCysGAQQBsjEBAgIHMCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8vc2VjdGlnby5j | + | |
- | b20vQ1BTMAgGBmeBDAECATCBhAYIKwYBBQUHAQEEeDB2ME8GCCsGAQUFBzAChkNo | + | <code powershell> |
- | dHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29FQ0NEb21haW5WYWxpZGF0aW9u | + | New-SelfSignedCertificate -FriendlyName "FTP Server" -CertStoreLocation cert:\localmachine\my -DnsName ftp.example.com |
- | U2VjdXJlU2VydmVyQ0EuY3J0MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0 | + | </code> |
- | aWdvLmNvbTAnBgNVHREEIDAeggtwb3Rob2YuaW5mb4IPd3d3LnBvdGhvZi5pbmZv | + | |
- | MIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdgB2/4g/Crb7lVHCYcz1h7o0tKTN | + | |
- | uyncaEIKn+ZnTFo6dAAAAYYTZeOmAAAEAwBHMEUCIFtdMQuMBz7pLssZRGkzamic | + | |
- | PFZ1iip09Na2RawuWevQAiEAikWqll0lFRb/OSUaMMGXiS3Vb5qQhckkHDOvj507 | + | |
- | 9K4AdgDatr9rP7W2Ip+bwrtca+hwkXFsu1GEhTS9pD0wSNf7qwAAAYYTZeO+AAAE | + | |
- | AwBHMEUCICGN6sta0tnRoSsq0fc1UoHTD+j/SiMYcnkZSsmxoNw4AiEAi+utFkV4 | + | |
- | ta7yRoTr5M7Xl/px/hOp143TJR0f4q9qnCQAdwDuzdBk1dsazsVct520zROiModG | + | |
- | fLzs3sNRSFlGcR+1mwAAAYYTZeOOAAAEAwBIMEYCIQDUS4NVTVbyLfJQlUL/ov18 | + | |
- | 9wFsUpjKRUo2hqVN4t2SpwIhANxGQBVMpcQkkpjuNSj5/ut7cmw6M0RwuA6jUrDZ | + | |
- | X8sHMAoGCCqGSM49BAMCA0gAMEUCIQCg16qjQc2DwHDq0GMCtfaENMHpRhbRfhs7 | + | |
- | fVT6JzlbxQIgDdJJlG7PoJofaVuWCeG6SxMcFa7BRiQaz8D2ccNfweg= | + | |
- | -----END CERTIFICATE----- | + | |
===== [[firewall]] Servers behind external Firewall/NAT ===== | ===== [[firewall]] Servers behind external Firewall/NAT ===== |