FTPS (FTP over SSL) was introduced on Windows servers starting from IIS 7.0, where it was a stand-alone additional element and a separate download was required. IIS 7.5 and each forthcoming version has FTPS functionality from the box, hence only IIS Manager and/or FTP service, which is included to IIS package, needs to be installed in order to have an opportunity to setup secure FTP connection.
Before proceeding to the instructions below, make sure that the following prerequisites have been considered:
Let us describe the process of adding an SSL-enabled FTP site and configuring its SSL settings.
Creating an SSL-enabled FTP site
Enter a name for a FTP site in the FTP site name field. Specify the path to the root folder in the Physical Path field. Actual path to FTP root folder may be different from the one, displayed on the screenshot as an example. After all fields are filled in, click Next to proceed.
Once all settings are done here, click Next to move on.
Configuring additional SSL Settings for FTP site
Generally, an FTP communication between Windows server and client is split to a control channel, used for authentication and sending FTP commands, and a data channel, used for data transfer.
Means of IIS Manager and FTP Service offer flexible settings in order to allow FTP clients to decide, whether FTP traffic should be encrypted partially or completely.
|Control Channel Policy||Data Channel Policy||Description|
|SslAllow||SslAllow||This configuration allows the client to decide whether any part of the FTP session should be encrypted.|
|SslRequireCredentialsOnly||SslAllow||This configuration protects FTP client credentials from eavesdropping and allows the client to decide whether data transfer should be encrypted.|
|SslRequireCredentialsOnly||SslRequire||This configuration requires that the client's credentials must be secure and then allows the client to decide whether FTP commands should be encrypted. However, all data transfers must be encrypted.|
|SslRequire||SslRequire||This configuration is the most secure - the client must negotiate SSL by using the FTPS-related commands before other FTP commands are allowed, and all data transfers must be encrypted.|
Let us see how to modify the above-mentioned settings using IIS Manager:
Once all set, click OK and then Apply in the Actions pane on the right side of IIS Manager to save configurations changes.