How to set up SSL for Serv-U and how to fix the SSL connection error in FlashFXP

The FTP client is FlashFXP.

The FTP server is Serv-U.

1. Enable SSL encryption protocol for Serv-U
I. Create an SSL Certificate
To use the SSL function of Serv-U, the server must have an SSL certificate. Although Serv-U automatically generates an SSL certificate at installation time, this default certificate is the same on all Serv-U servers and is very insecure. Therefore, we need to manually create a unique SSL certificate.

Step 1: In the "Serv-U administrator" window, expand the "local server → Settings" option and switch to the "SSL Certificate" tab.

Step 2: Create a new SSL certificate. First, enter the IP address of the FTP server in the "common name" field, and then fill in the other fields, such as email and organization, according to your situation. Then click the "Apply" button below, and Serv-U will generate a new SSL certificate.

Step 3: Switch to the "advanced" tab, select the "enable security" option, and click the "Apply" button below to complete the settings.

II. Enable SSL
Although a new SSL certificate has been created for the Serv-U server, Serv-U does not enable the SSL function by default. To use this certificate, you must first enable the SSL function of Serv-U.

Step 1: Enable SSL for the domain named "softer" on the Serv-U server. In the "Serv-U administrator" window, expand "local server → domain → softer" in sequence.

Step 2: Find the "Security" drop-down list in the "Domain" management box on the right. Here Serv-U provides three options: "Regular FTP only, no SSL/TLS sessions", "Allow SSL/TLS and regular sessions", and "Allow only SSL/TLS sessions". By default, Serv-U uses "Regular FTP only, no SSL/TLS sessions", so SSL encryption is not enabled.

Step 3: Select the "Allow only SSL/TLS sessions" option in the "Security" drop-down list, and click "Apply" to enable the SSL function for the softer domain.
TIPS: After the SSL function is enabled, the default port number used by the Serv-U server is no longer "21" but "990". Keep this in mind when logging on to FTP; otherwise, you will not be able to connect to the Serv-U server.

Step 4: Click the FTP account. On the "General" tab on the right, select the "Secure link required" option and click "Apply" to complete the configuration.

III. Use SSL encryption to connect to FTP
After the SSL function of the Serv-U server is enabled, you can use it to transmit data securely, but the FTP client must also support SSL. If we log on directly with IE, an error message appears, because IE does not support SSL transmission.
Many FTP client programs now support SSL. Taking FlashFXP as an example, the following steps show how to connect to a Serv-U server that has the SSL function enabled.

Step 1: After starting FlashFXP, click "session → quick connection" to bring up the "quick connection" dialog box. In the server or URL field, enter the IP address of the Serv-U server. In the port field, enter "990", because once the Serv-U server enables the SSL function, the port number changes from "21" to "990".

Step 2: Enter the "user name" and "password" for logging on to the FTP server.

Step 3: Switch to the "SSL" tab and select the "absolute SSL" option. This step is critical: if "absolute SSL" is not selected, you cannot connect to the Serv-U server. Click "Connect". Select the four options under "absolute SSL" based on the actual transmission conditions. Generally, you can keep the default selection or select all of them.

Step 4: When you connect to the Serv-U server for the first time, FlashFXP will pop up a "certificate" dialog box. Simply click "accept and save"; after the SSL certificate has been downloaded to your local computer, you can successfully connect to the Serv-U server. Data transmitted between the client and Serv-U is then protected by SSL and no longer sent in plain text, so you no longer have to worry about theft of the FTP account or of sensitive information. At the bottom of FlashFXP you will also see a small lock icon, which indicates that the current transmission is encrypted and secure.
TIPS: If you only choose to accept the certificate, this certificate dialog box will pop up every time you log on to FTP.

TIPS: What is the SSL encryption protocol? SSL (Secure Sockets Layer) is a secure communication protocol launched by Netscape. It can provide strong protection for credit card and personal information. SSL encrypts the entire session between computers and uses public keys and private keys. Therefore, with SSL in use, we can ensure that data transmitted over the network is not stolen by unauthorized users.

FlashFXP with SSL connection enabled: solution for "Data Socket error: Connection rejected"
After following the tutorial above with FlashFXP as the client, the connection unfortunately fails and the following error messages are displayed:
[right] data Socket error: Connection rejected
[Right] list Error
[Right] PASV mode failed. Try PORT mode.
[Right] list Error
Error cause
This error does not mean that the method of enabling SSL encryption for Serv-U is incorrect. In general, either the PASV port is not mapped on the router, or "TCP/IP filtering" is set to allow only specific ports, for example, only TCP ports: 80, 21, 990, and are allowed. In either case, the above error will occur.
Step 1: By default Serv-U chooses the PASV ports itself, and the random range is too large to map or allow, so we must first narrow the PASV port range. In the "Serv-U administrator" window, expand the "local server → Settings" option and switch to the "advanced" tab.

Step 2: Set the "PASV port range" as needed, for example to 991-991. The key point is that every port in the PASV port range must be let through. If a router is used, port 991 must be mapped to the server; if "TCP/IP filtering" is used, you need to add this port and restart for the change to take effect. Here only one port is used, so the range is entered as 991-991. You can also enter a continuous range and let Serv-U allocate ports from it automatically, for example 991-999. In that case, all nine ports 991-999 must be mapped or allowed.
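
The check behind the two steps above, as an added example that is not part of the original article: it compares the configured PASV range with the ports the router or TCP/IP filter lets through, and reads the data port out of each "227" reply in a client log. The log lines, the "[R]" prefix, the address 192.0.2.10, the allow-list string and all function names are constructed for illustration.

```python
import re

# RFC 959 reply: 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2); data port = p1*256 + p2
PASV_RE = re.compile(r"\b227\b[^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(line):
    """Return (ip, port) advertised in a 227 reply, or None for any other line."""
    m = PASV_RE.search(line)
    n = [int(g) for g in m.groups()] if m else []
    if not n or max(n) > 255:
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def expand_ports(spec):
    """Turn an allow-list such as '80,21,990,991-999' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def unmapped_ports(pasv_range, allowed_spec):
    """Ports Serv-U may hand out that the router or filter does not let through."""
    return sorted(set(range(pasv_range[0], pasv_range[1] + 1)) - expand_ports(allowed_spec))

def audit(log_lines, pasv_range, allowed_spec):
    """Classify every data port advertised in the client log."""
    lo, hi = pasv_range
    allowed = expand_ports(allowed_spec)
    findings = []
    for line in log_lines:
        parsed = parse_pasv(line)
        if parsed:
            port = parsed[1]
            status = ("outside PASV range" if not lo <= port <= hi
                      else "ok" if port in allowed else "not mapped/allowed")
            findings.append((port, status))
    return findings

# Constructed sample client log (not captured from a real session)
SAMPLE_LOG = [
    "[R] PASV",
    "[R] 227 Entering Passive Mode (192,0,2,10,3,223)",   # 3*256 + 223 = 991
    "[R] 227 Entering Passive Mode (192,0,2,10,3,231)",   # 3*256 + 231 = 999
    "[R] 227 Entering Passive Mode (192,0,2,10,19,137)",  # 19*256 + 137 = 5001
]

if __name__ == "__main__":
    print(unmapped_ports((991, 999), "80,21,990,991"))
    print(audit(SAMPLE_LOG, (991, 999), "80,21,990,991"))
```

A port reported as "outside PASV range" means the narrowed range has not taken effect on the server; "not mapped/allowed" means the router mapping or filter list is missing that port.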

The text is from [rongsen network security maintenance base]!




