Microsoft has created a new FTP service that has been completely rewritten for Windows Server® 2008. This FTP service incorporates many new features that enable web authors to publish content better than before, and offers web administrators more security and deployment options.
Install IIS and some roles.
One of the features is FTP over Secure Sockets Layer (SSL), which allows sessions to be encrypted between an FTP client and server. This document walks you through: setting up an FTP site; and, configuring that site to use SSL with the new FTP user interface, which allows you to directly edit the IIS 7.0 configuration files.

The following items are required to be installed to complete the procedures in this article:
Roles in IIS:
  • Basic Authentication
  • Windows Authentication
  • FTP Server
  • FTP Services
  • FTP Exstensibility

1. Creating a Certificate:
a. Create Self-Signed Certificate
You able to create certificate with self-signed certificate by clicking right menu under Actions. Type the friendly name ini the box and OK. Your certificate will appear in the list.

b. Create certificate Request
If you choose this one, you have to fill the form. Click the menu, and fill the form and next, in new windows, please choose Microsoft RSA SChannel Cryptographic Provider with bit length is 2048 and Next. In new windows please select the folder and give a name. The file extension will be .cer.
Please locate the file in dekstop(easy to find). After that, especially in my case, i using my Active Directory Certificate Service to convert my certificate. So i connect to the server, the detail are here:
  1. Request a certificate
  2. Advanced certificate request
  3. Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
  4. Paste CCR to the text box, and choose web server. Submit
  5. Choose DER encoder(cannot decode). if based 64 encode (anable to decode)
  6. Click Download certificate.

Go back to Internet Information Services Manager >> Server Certificate.
- Click Complete Certificate Request
- In File name containing the certification authority's response, please locate your cer file and fill the friendly name and Ok!
- Your certificate will appear in the list.

c. Create Domain Certificate
In my case, i using this option. But if your ftp server join with active directory, please login to your ftp server with domain admin, not local admin. If you login with local admin, you cannot "select" the server certificate. Click Create Domain Certificate, fill as usual, and then click select and select your root certificate and finish. simple.

2. Create FTP Server
a. Right click on the Sites under IIS, and click Add Ftp Site..
See and follow the image below:
Enter "My FTP" in the FTP site name box, then navigate to the "D:\Content". Note: If you choose to type in the path to your content folder, you can use environment variables in your paths.

Choose an IP address for your FTP site from the IP Address drop-down, or choose to accept the default selection of "All Unassigned." Because you will use the administrator account later in this walk-through, make sure that you restrict access to the server and enter the local loopback IP address for your computer by typing "" in the IP Address box.
You would normally enter the TCP/IP port for the FTP site in the Port box. For this walk-through, choose to accept the default port of 21.
For this walk- through, you do not use a host name, so make sure that the Virtual Host box is blank.
Make sure that the Certificates drop-down is set to your SSL certificate. For example, if you followed the optional step to create a self-signed certificate, the drop-down box should say "My FTP Certificate".
Make sure that the Allow SSL option is selected.
Click Next.


On my case:
I wish my ftp server can be access over browser, so i just open the browser and fill the ftps:// But isn't possible. i have researched on every forum. i just know that all broser not support for ftp secure like ftps. So i need third party client to access my ftp server. May be you can using WinSCP or Filezilla. I am sure u can using this app without clarificaiton.

When you are connect with WinSCP, in the first time you are accesses the server, you will be see certificate appear in the windows, before you accept the certificate, you can see the detail of the certificate.

Post a Comment