Auto Add

Wednesday, 21 May 2014

Configure FTP Over SSL

One of the features of the new FTP service is FTP over Secure Sockets Layer (SSL), which allows sessions between an FTP client and server to be encrypted. This document walks you through setting up an FTP site and configuring that site to use SSL with the new FTP user interface, which allows you to directly edit the IIS 7.0 configuration files. It contains

Prerequisites

The following items are required to be installed to complete the procedures in this article:

  1. IIS 7.0 must be installed on your Windows 2008 Server, and the Internet Information Services Manager must be installed.
  2. The new FTP service. You can download and install the FTP service from the http://www.iis.net/ web site using one of the following links:
    • FTP 7.5 for IIS 7.0 (x64)
    • FTP 7.5 for IIS 7.0 (x86)
  3. You will need to create a root folder for FTP publishing:
    • Create a folder at "%SystemDrive%\inetpub\ftproot"
    • Set the permissions to allow access for the administrators group:
      • Open a command prompt.
      • Type the following command:
        ICACLS "%SystemDrive%\inetpub\ftproot" /Grant administrators:F /T
      • Close the command prompt.
Note: The settings listed in this walkthrough specify "%SystemDrive%\inetpub\ftproot" as the path to your FTP site. You are not required to use this path; however, if you change the location for your site you must change the site-related paths that are used throughout this walkthrough.

Creating a Self-signed SSL Certificate

In this optional task you will create a self-signed SSL certificate that you will use for testing your FTP site.
  1. Open the Internet Information Services (IIS 7.0) Manager.
  2. Click your computer at the top node of the Connections tree, then double-click the Server Certificates feature.
  3. Click Create Self-Signed Certificate in the Actions pane.
  4. Enter "My FTP Certificate" as the name for the new certificate, then click OK.

Creating an SSL-enabled FTP Site Using the IIS 7.0 Manager

Step 1: Use the FTP Site Wizard to Create an SSL-based FTP Site

In this first step, you create a new FTP site that can only be opened using your administrator account.
  1. Go to IIS 7.0 Manager. In the Connections pane, click the Sites node in the tree.
  2. Right-click the Sites node in the tree and click Add FTP Site, or click Add FTP Site in the Actions pane.
  3. When the Add FTP Site wizard appears:
    • Enter "My New FTP Site" in the FTP site name box, then navigate to the "%SystemDrive%\inetpub\ftproot" folder that you created in the Prerequisites section. Note: If you choose to type in the path to your content folder, you can use environment variables in your paths.
    • Click Next.
  4. On the next page of the wizard:
    • Choose an IP address for your FTP site from the IP Address drop-down, or choose to accept the default selection of "All Unassigned." Because you will use the administrator account later in this walk-through, make sure that you restrict access to the server and enter the local loopback IP address for your computer by typing "127.0.0.1" in the IP Address box.
    • You would normally enter the TCP/IP port for the FTP site in the Port box. For this walk-through, choose to accept the default port of 21.
    • For this walk-through, you do not use a host name, so make sure that the Virtual Host box is blank.
    • Make sure that the Certificates drop-down is set to your SSL certificate. For example, if you followed the optional step to create a self-signed certificate, the drop-down box should say "My FTP Certificate".
    • Make sure that the Allow SSL option is selected.
    • Click Next.
  5. On the next page of the wizard:
    • Select Basic for the Authentication settings.
    • For the Authorization settings:
      • Choose "Specified users" from the Allow access to drop-down.
      • Type "administrator" for the user name.
      • Select Read and Write for the Permissions option.
    • When you have completed these items, click Finish.
You have successfully created a new SSL-based FTP site using the new FTP service.

Step 2: Configuring Additional FTP SSL Settings

The SSL policy for FTP is customizable on a site-by-site basis. Different settings can be specified for the control and data channels. In this step, you configure additional SSL settings for your FTP site that ensure that all user credentials are encrypted, even if all other FTP activity is not.

  1. Go to the IIS 7.0 Manager. Click the node for the FTP site that you created in Step 1. The icons for all of the FTP features display.
  2. In order to configure the SSL options, double-click the FTP SSL Settings icon to open the SSL settings feature page.
  3. When the FTP SSL Settings page displays, select the Custom option, and then click the Advanced button.
  4. When the Advanced SSL Policy dialog box is displayed:
    • Select the Require only for credentials option for the control channel. Note: This setting requires that all user names and passwords are encrypted via SSL, but the client can choose whether to encrypt all other control channel activity.
    • Select the Allow option for the data channel. Note: This setting allows the client to choose whether to encrypt any data channel activity.
    • When you have completed these items, click OK.
  5. On the FTP SSL Settings page, click Apply in the Actions pane to save the SSL settings.
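
The two choices made in the Advanced SSL Policy dialog are stored on the site's <ssl> element in applicationHost.config as the controlChannelPolicy and dataChannelPolicy attributes. The following Python check is an added example, not part of the original walkthrough: it audits a constructed configuration fragment (the certificate hash is a placeholder) and reports what each policy still lets a client send unencrypted.

```python
import xml.etree.ElementTree as ET

# Constructed applicationHost.config fragment mirroring the walkthrough's choices.
# serverCertHash is a placeholder, not a real thumbprint.
SAMPLE_CONFIG = """<sites>
  <site name="My New FTP Site" id="2">
    <bindings><binding protocol="ftp" bindingInformation="127.0.0.1:21:" /></bindings>
    <ftpServer><security>
      <ssl serverCertHash="PLACEHOLDER_CERT_HASH"
           controlChannelPolicy="SslRequireCredentialsOnly"
           dataChannelPolicy="SslAllow" />
      <authentication><basicAuthentication enabled="true" /></authentication>
    </security></ftpServer>
  </site>
</sites>"""

# What each non-strict policy value leaves unencrypted.
CONTROL_RISK = {
    "SslAllow": "control channel: credentials and commands may be sent in cleartext",
    "SslRequireCredentialsOnly": "control channel: commands after login may be sent in cleartext",
}
DATA_RISK = {
    "SslAllow": "data channel: file contents and listings may be sent in cleartext",
    "SslDeny": "data channel: file contents and listings are always cleartext",
}

def audit_ftp_ssl(config_xml):
    """Return {site name: [findings]} for each site with an FTP binding."""
    report = {}
    for site in ET.fromstring(config_xml).iter("site"):
        if not any(b.get("protocol") == "ftp" for b in site.iter("binding")):
            continue
        ssl = site.find("ftpServer/security/ssl")
        attrs = ssl.attrib if ssl is not None else {}
        findings = []
        if not attrs.get("serverCertHash"):
            findings.append("no certificate hash set for the site")
        for attr, risks in (("controlChannelPolicy", CONTROL_RISK),
                            ("dataChannelPolicy", DATA_RISK)):
            value = attrs.get(attr)
            if value is None:
                findings.append(attr + " not set here; inherited default applies")
            elif value in risks:
                findings.append(risks[value])
        report[site.get("name")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_ftp_ssl(SAMPLE_CONFIG).items():
        print(name, findings or ["control and data channels both require SSL"])
```

With the walkthrough's settings the check reports one finding per channel; setting both policies to SslRequire clears them.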

Thanks & Regards
Srikanth Goud - Virtualization Administrator
