SSL encryption improves FTP server security

Source: Internet
Author: User
Tags ftp ftp client ssl certificate port number
The general FTP server is in plaintext transmission of data, security is very poor, information is easily stolen, even if it provides SSL encryption, by default may not be enabled, such as the Common Serv-u FTP server (hereinafter referred to as Serv-u). In order to ensure data security in a particular environment, it is sometimes necessary to enable SSL functionality. The following is an example of a serv-u server that describes how to enable SSL encryption.

Creating an SSL Certificate

To use the Serv-u SSL feature, you will of course need the SSL certificate support to do so. Although Serv-u has automatically generated an SSL certificate at the time of installation, this default generated SSL certificate is the same in all Serv-u servers and is very insecure, so we need to create a new SSL certificate manually.

The author takes serv-u5.0 version as an example, in the "Serv-u Administrator" window, expand the local server → settings option, and then switch to the SSL Certificate tab, where I create a new SSL certificate.

First in the "Ordinary name" column to enter the IP address of the FTP server, and then the contents of other columns, such as e-mail, organization and units, according to the user's situation to fill out, complete the SSL Certificate label page after filling in all the content, click the "Apply" button below, The serv-u will then generate a new SSL certificate.

Enable SSL Features

Although a new SSL certificate has been created for the Serv-u server, the serv-u is not enabled by default, and to enable this SSL certificate, the Serv-u SSL feature will be enabled first.

Here I want to enable the Serv-u server domain name is "RTJ" the SSL function. In the Serv-u Administrator window, expand the local server → domain →rtj option, and then locate the Security Drop-down list option in the Domain management box on the right. Here Serv-u provides 3 options, namely "rule ftp only, no SSL/TLS process", "Allow ssl/tls and rule processes", "Allow only ssl/tls processes", by default, Serv-u uses "only regular FTP, no SSL/TLS process", Therefore, the SSL encryption feature is not enabled. Here, the author selects the "Allow Ssl/tls process only" option in the "Security" drop-down box, and then clicks the "Apply" button to enable the SSL feature of the RTJ domain.

Note: When SSL is enabled, the default port number used by the Serv-u server is no longer "21", but "990", the FTP user must pay attention, otherwise you will not be able to successfully connect the SERV-U server.

SSL Application

After you enable the SSL feature of the Serv-u server, you can use this feature to securely transfer data, but the FTP client program must support the SSL feature.

SSL-enabled FTP client programs are now more, the author of the "Flash FXP" program as an example, describes how to successfully connect to the SSL-activated Serv-u server. After running the "FlashFXP" program, click on the "session → Quick connect" option, pop-up "Quick Connect" dialog box, in the "Server or URL" column, enter the IP address of the Serv-u server, in the "Port" column must enter "990", this is because the Serv-u server to enable SSL features , the port number changes from "21" to "990" and the user's login account is entered in the Username and password fields.

Then switch to the SSL tab and select the implicit SSL option, which is critical, and you cannot successfully connect to the SERV-U server without selecting implicit SSL. Finally, click on the "Connect" button.

When the user first connects to the Serv-u server, Flash FXP will pop up a "certificate" dialog box, when the user clicks on the "Accept and save" button, the SSL certificate is downloaded to the local, you can successfully connect to the Serv-u server, Data transfer between later and Serv-u servers will be protected by SSL, no longer in plaintext, so there is no need to worry about the theft of FTP accounts and the theft of sensitive information.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.