Creating and Applying SSL Certificate to FileZilla FTP Server 🌱


DNS Setup

  1. For Windows DNS, go to Start > Windows Administrative Tools > DNS
  2. Expand the DNS server and domain name
  3. Right Click > New Host (A or AAAA)
  4. Type ftp as the hostname and the target IP address > Click OK

Create Your SSL Certificate

  1. Launch XCA
  2. Open the PKI database if it is not already (File > Open DataBase), enter password
  3. Click on the Certificates tab, right click on your Intermediate CA certificate
  4. Select New
  5. On the Source tab, make sure Use this Certificate for signing is selected
  6. Verify your Intermediate CA certificate is selected from the drop down
  7. Click the Subject tab
  8. Complete the Distinguished Name section

    internalName: ftp.i12bretro.local
    countryName: US
    stateOrProvinceName: Virginia
    localityName: Northern
    organizationName: i12bretro
    organizationUnitName: i12bretro Certificate Authority
    commonName: ftp.i12bretro.local

  9. Click the Generate a New Key button
  10. Enter a name and set the key size to at least 2048
  11. Click Create
  12. Click on the Extensions tab
  13. Select End Entity from the type list
  14. Click Edit next to Subject Alternative Name
  15. Add any DNS or IP addresses that the certificate will identify
  16. Update the validity dates to fit your needs
  17. Click the Key Usage tab
  18. Under Key Usage select Digital Signature, Key Encipherment
  19. Under Extended Key Usage select Web Server and Web Client Authentication
  20. Click the Netscape tab
  21. Select SSL Server
  22. Click OK to create the certificate

Exporting Required Files

  1. In XCA, click on the Certificates tab
  2. Right click the SSL certificate > Export > File
  3. Set the file name to ftp.crt verify the export format is PEM (*.crt)
  4. Click OK
  5. Click the Private Keys tab
  6. Right click the private key generated for the SSL certificate > Export > File
  7. Set the file name to ftp.key and verify the export format is PEM Private (*.pem)
  8. Click OK
  9. Copy the two exported files to the FileZilla Server installation directory, typically C:\Program Files\FileZilla

Installing FileZilla Server

  1. Download FileZilla Server Download
  2. Install Filezilla Server
  3. Launch FileZilla Server Administration
  4. Select Edit > Users from the top navigation
  5. Click the Add button under Users on the right side of the screen
  6. Enter a username > Click OK
  7. Enable the Password field by checking the box > Enter a password for the new user
  8. Click the Shared folders option in the left navigation menu
  9. Click the Add button in the middle of the page
  10. Browse to a local directory on the server to grant access to this FTP user
  11. On the right side of the Shared folders pane, set the access level that the user will have on this directory
  12. Click OK to close the Users dialog
  13. Select Edit > Settings from the top navigation
  14. Click FTP over TLS settings from the left navigation
  15. Check the Enable FTP over TLS support box
  16. Click the browse button next to Private key file and browse to the exported .key file
  17. Click the browse button next to Certificate file and browse to the exported .crt file
  18. To force all connections to use SSL, check the Disallow plain unencrypted FTP box
  19. Change the SSL/TLS listen port to 990
  20. Click OK
  21. The FTP server should restart and apply the new settings

Testing FTPS Connectivity

  1. Download FileZilla Client Download
  2. Extract the downloaded .zip file
  3. Run Filezilla.exe
  4. Complete the quickconnect fields as follows

    Host: ftps://ftp.i12bretro.local
    Username: i12bretro
    Password: <#ftp password#>
    Port: 990

  5. On the Unknown Certificate popup, check the Always trust this certificate in future sessions checkbox > Click OK