How To Create Sftp Server In Windows 2012

One of the master disadvantages of FTP for file transfer is the lack of protection and encryption means for the transferred data. When connecting to an FTP server username and password are also sent in articulate text. To transfer data (especially using public communication channels), it is recommended to use more secure protocols, like FTPS or SFTP. Allow'due south encounter how to configure an FTPS server on Windows Server 2012 R2 .

FTPS protocol (FTP over SSL/TLS, FTP+SSL) is an extension of the standard FTP protocol, but the connection betwixt a client and a server is protected (encrypted) using SSL /TLS. As a dominion, the same 21 port is used for connection.

Notation. Yous should not mix FTPS and SFTP (Secure FTP or SSH FTP). The latter is the extension of the SSH protocol having nothing in common with FTP.

Contents:

• Installation of the FTP Server Role
• How to Generate and Install an SSL Document in IIS
• How to Create an FTP Site with SSL Support
• FTPS and Firewalls
• How to Test FTP over SSL Connection

FTP over SSL support appeared in IIS 7.0 (Windows Server 2008). To brand an FTPS server work, you will take to install an SSL document on your IIS server.

Installation of the FTP Server Office

The installation of the FTP server role in Windows Server 2012 doesn't cause whatever issues and has been already described.

How to Generate and Install an SSL Certificate in IIS

So open the IIS Managing director console, select a server and become to the Server Certificates section.

In this section you can import a certificate, create certificate request, update a certificate or create a self-signed certificate. For demonstrative purposes, let'southward create a cocky-signed certificate. (Information technology can as well exist created using New-SelfSifgnedCertificate cmdlet.) When addressing a service, a warning that the certificate is issued past an untrusted CA will appear. To disable this warning for this certificate, add it to the list of trusted certificates using GPO.

Select Create Cocky-Signed Certificate.

In the Create Certificate wizard, specify its name and select Spider web Hosting type of the certificate.

A new self-signed certificate will appear in the list of available certificates. This document will expire in 1 year.

How to Create an FTP Site with SSL Support

Then you have to create an FTP site. In the IIS Manager console, correct-click Sites and create a new FTP site (Add FTP).

Specify its name and the path to the root directory of the FTP site (in our case, it is default path  C:\inetpub\ftproot ).

In the next window of the wizard, select the certificate you lot have created in the SSL certificates section.

At present you only have to select the type of authentication and user access permissions.

Click End in the wizard window. By default, SSL protection is mandatory and used to encrypt both management commands and transferred data.

FTPS and Firewalls

When using FTP protocol, 2 unlike TCP connections are used, one is for command transfer and another is for data transfer. For each data transfer channel, an private TCP port is opened, which number is selected by a client or a server. Most firewalls allow to inspect FTP traffic, and after analyzing it, automatically open the necessary ports. When using protected FTPS connection, the transferred data are encrypted and non subject area to analysis. Equally the result, a firewall cannot determine, which port has to be opened for data transfer.

In guild non to open the whole range of TCP ports 1024-65535 to an FTPS server from outside, you tin can specify the range of used addresses for the FTP server. The range is specified in the IIS site settings in FTP Firewall Support section.

After the range of ports has been changed, restart the service (iisreset).

The following rules are responsible for the incoming traffic in the Windows Firewall:

• FTP Server (FTP Traffic-In)
• FTP Server Passive (FTP Passive Traffic-In)
• FTP Server Secure (FTP SSL Traffic-In)

So, you will have to open ports 21, 990 and 50000-50100 (the range of ports you select) on the forepart firewall.

How to Examination FTP over SSL Connection

To test an FTPS connexion, let'due south use Filezilla.

1. Start FileZilla (or any other customer supporting FTPS).
2. Click File > Site Director, and create a new connection (New Site).
3. Specify the FTPS server address (Host), protocol type (Require explicit FTP over TLS), user name (User) and the requirement to enter a password to cosign (Enquire for countersign )
4. Click Connect and enter your password.
5. The warning of the untrusted document will appear (in instance of using self-signed certificate). Confirm the connexion.
6. The connection has to exist established, and the following entries volition announced in the log:
   Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connectedness established.
7. It means that the secure connection is established and yous can transfer files using FTPS protocol.

Source: http://woshub.com/ftp-over-ssl-ftps-windows-server-2012-r2/

Posted by: mcmullenwhinevesock1945.blogspot.com

Share this post