Difference between revisions of "FTP over TLS"

From FileZilla Wiki
(more details about implicit/explicit, a bit of layout clean up, and link this orphan page back into "FTPS_using_Explicit_SSL/TLS_howto_(Server)" found in "support".)
Line 3: Line 3:
 
=== Server Setup ===
 
=== Server Setup ===
  
Open the admin interface, and go to settings. Choose SSL/TLS settings, and choose to generate a new certificate. The two digit country code can be found by googleing (United States is just US - it can be confusing that two digit can be two letters, and not necessarily two numbers only).  
+
Open the admin interface, and go to settings. Choose SSL/TLS (FTPS) settings, and choose to generate a new certificate. The two digit country code can be found by googleing (United States is just US - it can be confusing that two digit can be two letters, and not necessarily two numbers only).  
  
 
Once you have generated the certificate, and chosen where to save it, filezilla will auto fill in the private key file, and the certificate file fields to point to the generated certificate.  
 
Once you have generated the certificate, and chosen where to save it, filezilla will auto fill in the private key file, and the certificate file fields to point to the generated certificate.  
  
At this point, you can either choose to allow SSL/TLS if the user opts, or you can force them to always use SSL/TLS, and not allow them to connect if they do not use it.  
+
At this point, you can either choose to allow SSL/TLS if the user opts, or you can force them to always use SSL/TLS, and not allow them to connect if they do not use it.
  
 
I am not 100% on the force PROP P stuff, so I am going to leave this blank for someone more informed to discuss.  
 
I am not 100% on the force PROP P stuff, so I am going to leave this blank for someone more informed to discuss.  
 +
 +
Also see [[FTPS_using_Explicit_SSL/TLS_howto_(Server)|FTPS using Explicit SSL/TLS howto (Server)]].
  
  
 
=== Client Setup ===
 
=== Client Setup ===
  
If you want to connect to a server using SSL, then your ServerType field for that connection needs to be set to FTPS.
+
For a client to connect to a server using SSL, then the host for that connection needs to be set to FTPS. In FireZilla client this means prefixing the host with "FTPES://" for "explicit" FTPS, or "FTPS://" for the legacy "implicit" FTPS.
 +
 
 +
==== Certificate Removal ====
 +
 
 +
The file {{Path|trustedcerts.xml}} contains certificates for secure websites that you have told your FireZilla client to trust connections to. This file should not be confused with any certificates you have in use if you use FireZilla as a server as well.
  
 +
===== Windows =====
 +
In order to remove a saved certificate, navigate to {{Path|%APPDATA%\FileZilla}} and delete, rename or modify the {{Path|trustedcerts.xml}} file.
  
== SSL vs SSH ==
+
===== Linux =====
  
This needs to be expanded
+
In order to remove a saved certificate rename or modify the file {{Path|~/.filezilla}}.
  
== Certificate Removal ==
+
== Explicit vs Implicit FTPS ==
  
=== Windows ===
+
FTPS (SSL/TLS) is served up in two incompatible modes. Explicit is a server that require the client to explicitly switch into secure (SSL/TLS) mode with "AUTH TLS", whereas implicit is an older style service that only assume SSL/TLS mode right from the start (and normally listen on TCP port 990, rather than 21). In a FireZilla client this means prefixing the host with "FTPES://" to connect an  "explicit" FTPS server, or "FTPS://" for the legacy "implicit" server (for which you will likely also need to set the port to 990).
In order to remove a saved certificate, navigate to {{Path|%APPDATA%\FileZilla}} and delete, rename or modify the {{Path|trustedcerts.xml}} file.
+
 
 +
== SSL/TLS (FTPS) vs SSH (SFTP) ==
 +
 
 +
FTPS (FTP encrypted with SSL/TLS) should not be confused with SFTP (SSH). The later is a completely different protocol, with more information [[Howto|here]].
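Review bot: the added Client Setup sentence, the trustedcerts.xml paragraph and the new "Explicit vs Implicit FTPS" paragraph all spell the product "FireZilla"; it should be "FileZilla". The added Linux line names {{Path|~/.filezilla}} as "the file" to rename or modify, while the Windows line names {{Path|trustedcerts.xml}} inside a directory; the two should name the file the same way. The prefix explanation ("FTPES://" for explicit, "FTPS://" for implicit) now appears both under Client Setup and in the new section, so keep it in one place and link to it from the other. In the last added paragraph, "The later" should read "The latter", and in the explicit/implicit paragraph the verbs need agreement ("requires", "assumes", "listens").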

Revision as of 17:52, 17 July 2009

Setup

Server Setup

Open the admin interface and go to settings. Choose the SSL/TLS (FTPS) settings, and choose to generate a new certificate. The two-digit country code can be found with a web search (United States is just US; confusingly, the "two digit" code can be two letters, and not necessarily two numbers).

Once you have generated the certificate and chosen where to save it, FileZilla will automatically fill in the private key file and certificate file fields to point to the generated certificate.

At this point, you can either allow SSL/TLS if the user opts for it, or force users to always use SSL/TLS and refuse their connection if they do not use it.

I am not 100% on the force PROP P stuff, so I am going to leave this blank for someone more informed to discuss.

Also see FTPS using Explicit SSL/TLS howto (Server).


Client Setup

For a client to connect to a server using SSL, the host for that connection needs to be set to FTPS. In the FileZilla client this means prefixing the host with "FTPES://" for "explicit" FTPS, or "FTPS://" for the legacy "implicit" FTPS.

Certificate Removal

The file trustedcerts.xml contains certificates for secure websites that you have told your FileZilla client to trust connections to. This file should not be confused with any certificates you have in use if you also use FileZilla as a server.

Windows

In order to remove a saved certificate, navigate to %APPDATA%\FileZilla and delete, rename or modify the trustedcerts.xml file.

Linux

In order to remove a saved certificate, rename or modify the file ~/.filezilla.

Explicit vs Implicit FTPS

FTPS (SSL/TLS) is served up in two incompatible modes. An explicit server requires the client to explicitly switch into secure (SSL/TLS) mode with "AUTH TLS", whereas implicit is an older style of service that assumes SSL/TLS mode right from the start (and normally listens on TCP port 990, rather than 21). In the FileZilla client this means prefixing the host with "FTPES://" to connect to an "explicit" FTPS server, or "FTPS://" for the legacy "implicit" server (for which you will likely also need to set the port to 990).
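The mode mismatch described above, and what the server's "allow" (rather than "force") setting permits on the control channel, as an added Python example; it is not FileZilla code and not part of the original wiki page. The hostname, sample bytes and transcripts are constructed and the function names are hypothetical; 234 is the standard success reply to AUTH TLS.

```python
import re
from urllib.parse import urlsplit

# Host prefixes and default ports as described on this page.
MODES = {"ftp": ("none", 21), "ftpes": ("explicit", 21), "ftps": ("implicit", 990)}

def connection_plan(host_field):
    """Parse a host entry such as 'ftpes://files.example.test' (constructed name)."""
    url = host_field if "://" in host_field else "ftp://" + host_field
    parts = urlsplit(url)
    if parts.scheme not in MODES:
        raise ValueError("unsupported scheme: " + parts.scheme)
    tls, default_port = MODES[parts.scheme]
    return {"host": parts.hostname, "port": parts.port or default_port, "tls": tls}

def classify_first_bytes(data):
    """Name what the server sent first on the control connection."""
    if not data:
        return "silent"          # nothing arrived before the read timed out
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"   # TLS record header carrying a handshake message
    if re.match(rb"\d{3}[ -]", data):
        return "ftp-reply"       # plaintext FTP reply such as "220 ..."
    return "unknown"

def diagnose(tls_mode, server_first_bytes):
    """Explain, from the client's side, why the two FTPS modes do not interoperate."""
    verdicts = {
        ("explicit", "ftp-reply"): "ok: plaintext greeting, send AUTH TLS next",
        ("explicit", "silent"): "mismatch: server expects TLS first (implicit), try ftps:// and port 990",
        ("implicit", "tls-handshake"): "ok: TLS is negotiated before any FTP reply",
        ("implicit", "ftp-reply"): "mismatch: server greets in plaintext (explicit), try ftpes://",
    }
    seen = classify_first_bytes(server_first_bytes)
    return verdicts.get((tls_mode, seen), "unexpected: " + seen)

def cleartext_credentials(transcript):
    """Return USER/PASS verbs sent before a 234 reply to AUTH TLS; transcript is [(side, line)]."""
    leaked, auth_pending = [], False
    for side, line in transcript:
        verb = line.split(" ", 1)[0].upper()
        if side == "C":
            auth_pending = verb == "AUTH"
            if verb in ("USER", "PASS"):
                leaked.append(verb)
        elif auth_pending and line.startswith("234"):
            break                # the rest of the session is inside TLS
    return leaked
```

A non-empty result from `cleartext_credentials` on a captured control channel means the login crossed the network unencrypted, which is what a server that only allows, rather than forces, SSL/TLS will accept.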

SSL/TLS (FTPS) vs SSH (SFTP)

FTPS (FTP encrypted with SSL/TLS) should not be confused with SFTP (SSH). The latter is a completely different protocol, with more information here.