To ensure data security in special environments, it is sometimes necessary to enable the SSL function. The following uses the Serv-U server as an example to describe how to enable SSL encryption.
Create an SSL Certificate
To use the SSL function of Serv-U, you must support the SSL certificate. Although Serv-U has automatically generated an SSL certificate at the time of installation, the default SSL certificate is the same in all Serv-U servers and is very insecure, therefore, we need to manually create a new SSL certificate.
Take Serv-U6.0 Chinese edition as an example, in the Serv-U administrator window, expand the local server → settings option, and then switch to the SSL Certificate tab, here I create a new SSL certificate.
First, enter the IP address of the FTP server in the "common name" column, and then fill in the content of other topics, such as emails, organizations, and units, according to the user's situation, after entering all the content in the SSL Certificate tab, click the "Apply" button below. Then, Serv-U will generate a new SSL certificate.
Enable SSL
Although a new SSL certificate is created for the Serv-U server, by default, Serv-U does not enable the SSL function. To use this SSL certificate, first, you must enable the SSL function of Serv-U.
To enable the SSL feature with the domain name "SFTP" in the Serv-U server. In the "Serv-U administrator" window, expand the "local Server> domain> RTJ" option, and then find the "Security" drop-down list option in the "Domain" Management box on the right. Here Serv-U provides three options: "Only rule FTP, no SSL/TLS process "," allow SSL/TLS and rule process ", and" only allow SSL/TLS process ". By default, serv-U uses "only FTP rules, no SSL/TLS processes", so SSL encryption is not enabled. Here, I select the "allow SSL/TLS processes only" option in the "Security" drop-down box, and then click "Apply" to enable the SSL function of the SFTP domain.
Note: After the SSL function is enabled, the default port number used by the Serv-U server is no longer "21", but "990". This is important for FTP users, otherwise, the server cannot be connected to the Serv-U server.
SSL Application , Using the client for data transmission
After the SSL function of the Serv-U server is enabled, you can use this function to securely transmit data, but the FTP client must support the SSL function.
There are also many FTP client programs that support SSL. Taking the "Flash FXP" program as an example, I will introduce how to successfully connect to the Serv-U server with SSL Enabled. After running the "FlashFXP" program, click "session → quick connection" to bring up the "quick connection" dialog box. In the "server or URL" column, enter the IP address of the Serv-U server, enter "990" in the "Port" column, because after the SSL function is enabled on the Serv-U server, the port number changes from "21" to "990 "; then, enter the user's Logon account in the "username" and "password" columns.
Switch to the "SSL" tab and select the "implicit SSL" option. This step is critical,
If "absolute SSL" is not selected, the server cannot be connected to the Serv-U server. Click "Connect.
When you connect to the Serv-U server for the first time, Flash FXP will pop up a "certificate" dialog box. Then, you only need to click "accept and save" to download the SSL certificate to your local device, you can successfully connect to the Serv-U server,
In the future, data transmission between the server and Serv-U will be protected by the SSL function and will not be transmitted in plain text, so that you do not have to worry about FTP account theft, sensitive information is stolen.