Setting Up a Secure FTP Server in IIS with SSL with Windows Infrastructure Administration
Setting Up Secure – Step-by-step guide to Setting Up a Secure FTP Server in IIS with SSL with Windows Infrastructure Administration, including configuration, deployment,
Useful external reference: Microsoft Learn.
Introduction
Setting Up Secure – To create a secure FTP server using IIS, We will need to :
Useful external reference: Microsoft Learn.
- A group in the Active Directory for FTP permissions
- A self-signed certificate
- The creation of the FTP in IIS
- Connecting to the FTP using FileZilla
Prerequisites
IIS Feature
- Add FTP server Rôle
AD Group
- I will use an existing group in my LAB: SupportN2
- I’m adding the authorized users to use the FTP to this group
Self-signed certificate
Setting Up Secure – Creating a self-signed certificate using PowerShell
Useful external reference: Microsoft Learn.
New-SelfSignedCertificate -FriendlyName "Certificat FTP" -DnsName "epmpxe.leblogosd.lan" -KeyAlgorithm RSA -KeyLength 2048 -CertStoreLocation "Cert:LocalMachineMy" -NotAfter (get-date).AddYears(10)
IIS Configuration
- In IIS, create your FTP site
- Specify the folder path
- We will use port 990 (FTP SSL) with the certificate we created
- Only our AD group will have read/write connection rights.
Connecting with Filezilla
- Create a new site in Filezilla (required due to the configuration)
- With Server Name
- Protocol => Implicit FTP over TLS => The port will automatically be 990 (If we select Explicit Connection, the port will then be 21, which is not our case)
- Force Active mode (only port 990 is open).
- We can force UTF8, but it’s not mandator
- During the first FTP connection, a message will indicate that it’s a self-signed certificate. Please confirm.
virtual directory not visible
Setting Up Secure – Enable “Virtal directories” in FTP Directory Browsing option
Useful external reference: Microsoft Learn.
