Enhance FTP server security with SSL encryption

Source: Internet
Author: User

Generally, FTP servers transmit data in plaintext, which is very insecure: information is easily stolen in transit. Even when a server provides SSL encryption, it may not be enabled by default, as with the commonly used Serv-U FTP Server (Serv-U). To ensure data security in sensitive environments, it is sometimes necessary to enable the SSL function. The following uses the Serv-U server as an example to describe how to enable SSL encryption.

Create an SSL Certificate

To use the SSL function of Serv-U, you need an SSL certificate. Although Serv-U automatically generates an SSL certificate at installation time, that default certificate is the same on all Serv-U servers and is therefore very insecure, so we need to create a new SSL certificate manually.

Taking the Serv-U 5.0 Chinese edition as an example: in the "Serv-U administrator" window, expand the "local server → Settings" option, then switch to the "SSL Certificate" tab. Here I create a new SSL certificate.

First, enter the IP address of the FTP server in the "common name" field, then fill in the other fields, such as email, organization, and unit, according to your own situation. After entering all the content in the "SSL Certificate" tab, click the "Apply" button below. Serv-U will then generate a new SSL certificate.

Enable SSL

Although a new SSL certificate has been created for the Serv-U server, Serv-U does not enable the SSL function by default. To use this certificate, you must first enable the SSL function of Serv-U.

Here, I want to enable the SSL function for the domain named "RTJ" on the Serv-U server. In the "Serv-U administrator" window, expand the "local server → domain → RTJ" option, then find the "Security" drop-down list in the "Domain" management box on the right. Serv-U provides three options here: "Regular FTP only, no SSL/TLS sessions", "Allow SSL/TLS and regular sessions", and "Allow only SSL/TLS sessions". By default, Serv-U uses "Regular FTP only, no SSL/TLS sessions", so SSL encryption is not enabled. Here, I select the "Allow only SSL/TLS sessions" option in the "Security" drop-down box, then click "Apply" to enable the SSL function of the RTJ domain.

Note: After the SSL function is enabled, the default port number used by the Serv-U server is no longer "21" but "990". FTP users must be aware of this; otherwise, their clients cannot connect to the Serv-U server.

SSL Application

After the SSL function of the Serv-U server is enabled, you can use it to transmit data securely, but the FTP client must also support SSL.

Many FTP client programs support SSL. Taking the "FlashFXP" program as an example, I will show how to connect to a Serv-U server with SSL enabled. After running FlashFXP, click "session → quick connection" to bring up the "quick connection" dialog box. In the "server or URL" field, enter the IP address of the Serv-U server. Enter "990" in the "Port" field, because after the SSL function is enabled on the Serv-U server, the port number changes from "21" to "990". Then enter the user's logon account in the "username" and "password" fields.

Switch to the "SSL" tab and select the "implicit SSL" option. This step is critical: if you do not select "implicit SSL", you cannot connect to the Serv-U server. Then click "Connect".

When you connect to the Serv-U server for the first time, FlashFXP will pop up a "certificate" dialog box. Click "accept and save" to download the SSL certificate to your local device, and the client will connect to the Serv-U server. Data transmitted between the client and Serv-U is then protected by SSL and is no longer sent in plaintext, so you no longer have to worry about the theft of FTP accounts and sensitive information.
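
The "accept and save" step is trust on first use: the saved certificate only helps if later connections are compared against it. The following Python code is an added example, not part of the original article and not Serv-U or FlashFXP code. It connects with implicit SSL on port 990, saves the certificate fingerprint on first contact, and refuses to log in if the certificate later changes or matches a blocked one such as the shared default certificate. The names `ImplicitFTPS`, `check_pin`, `connect_pinned` and the `blocked` set are assumptions made for this example.

```python
import ftplib
import hashlib
import ssl


class ImplicitFTPS(ftplib.FTP_TLS):
    """ftplib only speaks explicit AUTH TLS; implicit SSL starts TLS at connect."""
    _sock = None

    @property
    def sock(self):
        return self._sock

    @sock.setter
    def sock(self, value):
        # ftplib assigns the raw TCP socket in connect(); wrap it before the banner.
        if value is not None and not isinstance(value, ssl.SSLSocket):
            value = self.context.wrap_socket(value)
        self._sock = value


def fingerprint(der):
    """SHA-256 of the DER-encoded certificate, as hex."""
    return hashlib.sha256(der).hexdigest()


def check_pin(store, host, der, blocked=frozenset()):
    """Return 'blocked', 'saved' (first contact), 'match' or 'changed'."""
    fp = fingerprint(der)
    if fp in blocked:          # e.g. a certificate shared by every default install
        return "blocked"
    if host not in store:
        store[host] = fp       # equivalent of "accept and save"
        return "saved"
    return "match" if store[host] == fp else "changed"


def connect_pinned(host, user, password, store, port=990, blocked=frozenset()):
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # self-signed certificate: the CA chain cannot
    ctx.verify_mode = ssl.CERT_NONE   # vouch for it, so trust rests on the pin
    ftps = ImplicitFTPS(context=ctx)
    ftps.connect(host, port, timeout=10)
    verdict = check_pin(store, host, ftps.sock.getpeercert(binary_form=True), blocked)
    if verdict in ("blocked", "changed"):
        ftps.close()
        raise ssl.SSLError(f"certificate for {host} is {verdict}; not logging in")
    ftps.login(user, password)        # credentials are sent only after the pin check
    ftps.prot_p()                     # encrypt data connections as well
    return ftps
```

`store` is a plain dict that should be persisted between runs. The article does not give the default certificate's fingerprint, so `blocked` has to be filled in by the operator.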
