How to secure your file transfers with FTPS on Windows Server?

FTPS is an extension of the File Transfer Protocol (FTP) that allows communications between a client and a server to be encrypted. FTPS uses SSL (Secure Sockets Layer) certificates to authenticate parties and ensure data confidentiality and integrity. This article explains how to configure FTPS on a Windows-based FTP server, and how to connect to that server with a compatible FTP client.

What are the advantages of FTPS?

FTPS offers several advantages over traditional FTP:

  • It protects your files against eavesdropping, modification or theft by malicious third parties.
  • It allows you to comply with the security and compliance standards in force in certain sectors of activity or countries.
  • It builds trust between you and your partners, customers or suppliers who access your files.

What are the prerequisites for configuring FTPS?

To configure FTPS on an FTP server, you must have the following:

  • A Windows Server 2008 or higher server with the Internet Information Services (IIS) role installed.
  • An FTP site created in IIS.
  • A valid SSL certificate, purchased or obtained from a recognized certificate authority, or generated by you (self-signed).

How to create a self-signed SSL certificate?

If you don't have a valid SSL certificate, you can create one yourself with IIS. Note that clients will not trust this type of certificate, so it should only be used for testing purposes. Here are the steps to follow:

  • Open Internet Information Services (IIS) Manager.
  • Select the server in the tree on the left, then double-click Server Certificates to open it.
  • In the right menu, click Create Self-Signed Certificate…
  • Enter a friendly name for the certificate. Choose something that is easy to recognize.
  • The certificate is created. It expires after one year.

How to enable FTPS on an FTP site?

Once you have an SSL certificate, you can enable FTPS on your FTP site. Here are the steps to follow:

  • Open Internet Information Services (IIS) Manager.
  • Select the FTP site in the tree on the left, then double-click FTP SSL Settings to open it.
  • Select the certificate you just created or already have from the drop-down list.
  • You can choose between two encryption modes: explicit or implicit. Explicit mode allows the client to choose whether they want to use FTPS or not. Implicit mode enforces the use of FTPS and uses port 990 instead of port 21. Choose the mode that suits your use case.
  • You can also require an SSL connection for anonymous or authenticated users, or for all users. If you want to use FTPS only, check the box An SSL connection is required.
  • When you're done, click Apply in the right menu.
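
The certificate creation and FTP SSL Settings steps above can also be scripted. The following PowerShell is an added example, not part of the original article; the site name and DNS name are assumed placeholders, and it assumes Windows Server 2016 or later (for the FriendlyName and NotAfter parameters), run as administrator.

```powershell
# Added example: scripted equivalent of the IIS Manager steps above.
Import-Module WebAdministration

$siteName = 'Default FTP Site'     # assumed: name of an existing FTP site in IIS
$dnsName  = 'ftp.example.test'     # assumed: host name clients use to connect
$sitePath = "IIS:\Sites\$siteName"

if (-not (Test-Path $sitePath)) {
    throw "FTP site '$siteName' was not found in IIS."
}

# Self-signed certificate in the machine store, valid one year (testing only).
$certParams = @{
    DnsName           = $dnsName
    CertStoreLocation = 'Cert:\LocalMachine\My'
    FriendlyName      = "FTPS test - $dnsName"
    NotAfter          = (Get-Date).AddYears(1)
}
$cert = New-SelfSignedCertificate @certParams

# Bind the certificate to the FTP site.
$ssl = 'ftpServer.security.ssl'
Set-ItemProperty $sitePath -Name "$ssl.serverCertStoreName" -Value 'MY'
Set-ItemProperty $sitePath -Name "$ssl.serverCertHash" -Value $cert.Thumbprint

# Policy values: 0 = SslAllow, 1 = SslRequire, 2 = SslRequireCredentialsOnly.
# Requiring SSL on both channels means neither credentials nor file
# contents can travel in clear text.
Set-ItemProperty $sitePath -Name "$ssl.controlChannelPolicy" -Value 1
Set-ItemProperty $sitePath -Name "$ssl.dataChannelPolicy" -Value 1

# Read the settings back to confirm what IIS stored.
'serverCertHash', 'controlChannelPolicy', 'dataChannelPolicy' | ForEach-Object {
    Get-ItemProperty $sitePath -Name "$ssl.$_"
}

"Certificate thumbprint: $($cert.Thumbprint)"
```

Keep the printed thumbprint: clients can compare it with the certificate shown in their warning dialog before accepting it.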

How to test connectivity with an FTP client?

To test connectivity with your FTPS server, you must use an FTP client that supports SSL encryption. For example, you can use WinSCP, which is free and open source software. Here's how to do it:

  • Download and install WinSCP on your computer.
  • Launch WinSCP and create a new session.
  • Enter your FTPS server address, port, username, and password. If you use implicit mode, the port is 990. Otherwise, it is 21.
  • Choose FTP as the file protocol and check the SSL/TLS encryption box.
  • Click Login.
  • You will receive a warning if your certificate is self-signed or unrecognized. This is normal because it is an untrusted certificate. If you want to continue, click Yes and allow it.
  • You should see the files and folders for your FTPS server. In the lower right corner, you will see a key icon which indicates that the connection is encrypted.
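
Instead of accepting the certificate warning blindly, the certificate the server presents can be compared with the one installed in IIS. The following PowerShell is an added example, not part of the original article; it checks explicit mode on port 21, and the host name and expected thumbprint are assumed placeholders.

```powershell
# Added example: upgrade an explicit-mode FTP session to TLS and compare
# the server certificate with a known thumbprint.
$ftpHost  = 'ftp.example.test'            # assumed: your FTPS server address
$expected = '<THUMBPRINT-FROM-SERVER>'    # placeholder: copy from IIS Server Certificates

function Read-FtpReply([System.IO.StreamReader]$reader) {
    # A reply ends on a line "NNN text"; multi-line replies start with "NNN-".
    do { $line = $reader.ReadLine() }
    while (($null -ne $line) -and ($line -notmatch '^\d{3} '))
    return $line
}

$tcp = New-Object System.Net.Sockets.TcpClient($ftpHost, 21)
try {
    $net    = $tcp.GetStream()
    $ascii  = [System.Text.Encoding]::ASCII
    $reader = New-Object System.IO.StreamReader($net, $ascii)
    $writer = New-Object System.IO.StreamWriter($net, $ascii)
    $writer.NewLine   = "`r`n"
    $writer.AutoFlush = $true

    $banner = Read-FtpReply $reader       # 220 greeting
    $writer.WriteLine('AUTH TLS')         # ask the server to switch to TLS
    $reply = Read-FtpReply $reader
    if ($reply -notmatch '^234') { throw "Server refused AUTH TLS: $reply" }

    # Accept any certificate during the handshake; trust is decided by the
    # explicit thumbprint comparison below, not by the callback.
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $tls = New-Object System.Net.Security.SslStream($net, $false, $acceptAll)
    $tls.AuthenticateAsClient($ftpHost)

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
        $tls.RemoteCertificate)

    [pscustomobject]@{
        Banner        = $banner
        Protocol      = $tls.SslProtocol
        Subject       = $cert.Subject
        Expires       = $cert.NotAfter
        Thumbprint    = $cert.Thumbprint
        MatchesPinned = ($cert.Thumbprint -eq $expected)
    }
}
finally {
    $tcp.Close()
}
```

If MatchesPinned is False, do not accept the warning in the FTP client until the difference is explained, for example by a certificate renewal.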

FAQs

Here are some frequently asked questions about FTPS:

What is the difference between FTPS and SFTP?

FTPS is an extension of the FTP protocol that uses SSL to encrypt communications. SFTP is a separate protocol that uses SSH to establish a secure connection and transfer files. Both protocols provide a high level of security, but they are not compatible with each other. You should choose the protocol based on the server and client you are using.

What are the disadvantages of FTPS?

FTPS has some disadvantages compared to classic FTP:

  • It requires purchasing or obtaining a valid SSL certificate, or creating a self-signed certificate that is not trusted.
  • It may be blocked by some firewalls or routers that do not support SSL encryption.
  • It may be slower than FTP due to the time required to establish the secure connection and encrypt the data.

How to renew or change the SSL certificate used by FTPS?

To renew or change the SSL certificate used by FTPS, follow the same steps as when enabling it. You must first obtain a new SSL certificate and then select it in the FTP SSL settings of your FTP site. You should also notify your clients of the certificate change and ask them to accept the new certificate when connecting.

How do I disable FTPS if I no longer need it?

To disable FTPS, you must change the FTP SSL settings of your FTP site. You can choose not to use an SSL certificate, or not to require an SSL connection for users. You should also inform your clients of the protocol change and ask them to connect using plain FTP.

What other secure file transfer protocols can I use?

Besides FTPS, you can use SFTP, as mentioned earlier, or HTTPS. HTTPS is the protocol used by secure websites. It also uses SSL to encrypt communications. You can use HTTPS to transfer files using a web browser or a dedicated client. You must configure a website in IIS and enable SSL encryption to use HTTPS.

Conclusion

You learned how to configure FTPS on a Windows Server-based FTP server, and how to connect to that server with a compatible FTP client. FTPS is a simple and effective solution for securing your file transfers over the Internet or a local network. It allows you to protect your data against attacks and meet security and compliance standards. However, you may be unable to connect to the FTPS server and instead see the error message “The server IP address could not be found”. To resolve this error, you need to check several things, such as the server address, Internet connection, firewall, SSL certificate, and your computer's date and time. If the problem persists, contact server or client technical support.

Hello me, it's François :) Editor in my spare time who loves sharing his passion: TT High tech! 😍 Whether it's hardware, software, video games, social media and many other areas on the site. I share with you my analyses, my tests, tutorials and my favorites on various media. I am a knowledgeable and demanding technophile, who does not just follow fashion, but who seeks to guide you towards the best solutions. So stay tuned!