Secure FTP on Windows Server 2008

A coworker came across this 12 minute video today concerning Windows Server 2008 and IIS 7 Secure FTP services.

http://blogs.technet.com/chrisavis/archive/2008/06/12/how-to-configure-ftp-over-ssl-secure-ftp-on-windows-2008-in-less-than-10-minutes.aspx

I thought it was pretty interesting so I’ll try on summarize in this post. Basically, Microsoft got lots of complaints about the fact that no “built-in” secure FTP services had been included into previous versions of Windows Server. In fact, there is no built-in secure FTP services in Windows Server 2008, but it can be downloaded from the following locations:

Windows Server 2008 – FTP 7.0 Secure FTP – 32bit

http://www.microsoft.com/downloads/details.aspx?familyid=2ECCF14A-5C4F-4CFB-9153-CFE1204B346A&displaylang=en

Windows Server 2008 – FTP 7.0 Secure FTP – 64bit

http://www.microsoft.com/downloads/details.aspx?FamilyID=584CACF6-78F1-47DF-90D7-9CD87B358712&displaylang=en

Before installing, you need to make sure FTP services have not been previously installed using Server Manager as shown below:

The installation is pretty easy, more or less a click Next/Next/Next/Finish kind of install.

At this point, we need a SSL Certificate. In the video, Chris created a Self-Signed Certificate using IIS Manager to demonstrate the Secure FTP capabilities.

Next, to create a new FTP site. Open Server Manager and expand Roles | Web Server (IIS). Highlight Internet Information Services.

Within the IIS Manager window, expand the IIS server and right-click Sites. Select Add FTP Site.

Enter the FTP Site Information.

On the Binding and SSL Settings window, if necessary, specify an IP Address and Virtual Host and then select an SSL Certificate.

On the Authentication and Authorization Information window, select Basic as the Authentication method and then under Authorization, specify the group(s) which will have access to the site, and their permissions.

Click Finish to create SecureFTP.

At this point, two netsh commands need to be executed to open the firewall. They are shown below:

You will need to download your own Secure FTP client however. Chris used FileZilla in his video, but I’ve also read that SmartFTP will work also.

FileZilla can be found here.
SmartFTP can be found here.

I used FileZilla and once installed, I created a new site manager configuration using the settings below:

Ideally, your secure FTP client connects and you are able to upload files! Watch Chris’ video when you get a moment and enjoy this new capability.

8 Comments

Filed under Windows Server

8 responses to “Secure FTP on Windows Server 2008

  1. Anonymous

    This is not 'Secure FTP' or SFTP: SFTP uses an SSH connection to encrypt/decrypt the transfer.

    The process described here uses SSL instead (i.e. FTPS), which is another way of encrypting the transmission, but technically NOT SFTP. (This relevant because a connection from a client using SFTP will not work).

  2. Anonymous

    So, securing FTP-access using SSL is sufficient.
    SSTP-tunneling works fine for every service you need to access.
    Be sure to use a widely accepted Certificate

  3. Best FTP hosting service should provide it users with features such as daily backup, software support, security tools like SSL and SSH, suitable uptime, private FTP account and technical support.

  4. May I know FTPS using which TCP ports?

    This is required to configure gateway level firewall.

    Can you please provide this information at earliest?

  5. Anonymous

    Ftp port number is 21.. You need configure port 21 in firewall for external access.

    Thanks,

    Techhowknow

  6. Great post. Utilizing a secure ftp hosting service is critical for the modern business. Invest in a company that has the know-how, great service and quality prices.

  7. Neel

    Do we need to specify client certificate?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s