Generate Certificate (FTP over TLS)
To accept TLS connections, FileZilla needs a new private key and a self-signed certificate. Among the FileZilla options, select the SSL/TLS Settings. Tick the Enable FTP over TLS support (FTPS) box. Open the admin interface, and go to settings. Choose FTP over TLS settings, and choose to generate a new certificate. The two-digit country code can be found by searching the web (United States is just US; it can be confusing that the two "digits" can be two letters, and not necessarily two numbers only).
FileZilla: the "The server’s certificate is unknown" error prevents you from connecting to your server over a secure FTP connection.
Now that everything is moving to HTTPS, it is also good to enable SSL/TLS for FTP to protect login credentials that would otherwise be sent in plain text.
As you can see on the above screenshot, the server SSL certificate seems to be expired, even though we know that this is not the case.
Obviously the FTP server is pulling the wrong certificate.
Step #1: Find the SSL Server Configuration File
Let’s click on “Status” of the FTP Server:
This is what we see:
From this we see that the configuration file is
Step #2: Find The SSL Certificate File Used By FTP Server
You can see it on the following line:
Step #3: Examine The SSL Certificate File
Let’s enter the following in the SSH console or PuTTY:
As we can see, the certificate contained in this file expired on Jan 4, 2020.
This expiration date matches the date shown in red in FileZilla (see featured image of this post).
Step #4: Install SSL for FTP
Our instruction will guide you to install and configure pure-ftpd to use SSL/TLS.
The hostname certificate needs to be already installed; check that these files exist:
In this case:
- Main SSL folder = /etc/pki/tls/
- Certificate folder = /etc/pki/tls/certs/
- Private key folder = /etc/pki/tls/
Create Certificate File for pure-ftpd
Warning: Make sure the above paths, file names and extensions are fully correct.
The above commands simply create a hostname.pem file by merging your host’s private key and its certificate.
Then the permission is set to 600.
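The merge described above, with the expiry check from Step #3 and a key/certificate match check done first, as an added example that is not code from the original post. The function name and its three arguments are hypothetical; the key, certificate and output paths are supplied by the caller, and the demo uses a constructed throwaway certificate.

```shell
#!/bin/sh
# Added example (not from the original post). KEY, CERT and OUT are
# caller-supplied paths; no server-specific file names are assumed.

# build_ftpd_pem KEY CERT OUT
# Returns 0 on success, 1 unreadable input, 2 expired cert, 3 key/cert mismatch.
build_ftpd_pem() {
    [ -r "$1" ] && [ -r "$2" ] || { echo "cannot read key or certificate" >&2; return 1; }

    # Same check as Step #3: -checkend 0 exits non-zero once notAfter has passed.
    if ! openssl x509 -in "$2" -noout -checkend 0 >/dev/null 2>&1; then
        echo "refusing: $2 is expired or unparsable: $(openssl x509 -in "$2" -noout -enddate 2>&1)" >&2
        return 2
    fi

    # The public key embedded in the certificate must equal the one derived
    # from the private key, otherwise the server cannot use the pair.
    # "-passin pass:" avoids an interactive prompt on an encrypted key.
    _cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    _key_pub=$(openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null)
    if [ -z "$_key_pub" ] || [ "$_cert_pub" != "$_key_pub" ]; then
        echo "refusing: $1 does not match $2" >&2
        return 3
    fi

    # umask 077 creates the file as 600 from the first byte, so the private
    # key is never briefly world-readable; chmod covers a pre-existing OUT.
    ( umask 077 && cat "$1" "$2" > "$3" ) && chmod 600 "$3"
}

# Constructed demo: throwaway self-signed certificate in a temp directory.
demo() {
    _d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=ftp.example.test" \
        -keyout "$_d/host.key" -out "$_d/host.crt" >/dev/null 2>&1 || return 1
    build_ftpd_pem "$_d/host.key" "$_d/host.crt" "$_d/hostname.pem" && ls -l "$_d/hostname.pem"
}
```

A non-zero return means no combined file was written, so a stale or mismatched certificate is caught before the FTP server is restarted with it.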
Step #5: Failed To Retrieve Directory Listing (Explicit FTP over TLS)
Unless you modify your server settings, you will get this error:
Status: Connection established, waiting for welcome message…
Command: USER XXXXXX
Password required for user
Command: PASS *********
Status: Retrieving directory listing…
Error: Failed to retrieve directory listing
Therefore the following steps are needed:
To allow FTP and TLS sessions, set TLS to 1:
Then remove the # in front of the following 2 lines and make sure they point to the right file:
Set Passive Port Range in PureFTPD:
Then save the altered configuration file.
Note: On some servers you may be unable to directly edit the configuration file. In that case download it from the server, edit it in Notepad and re-upload it.
Now configure the CSF firewall to accept incoming connections.
You can do the following steps:
- Edit /etc/csf/csf.conf and look for the line that begins with: TCP_IN
- Add 60000:60100 to the TCP_IN section.
- Reload the config in the firewall.