Filezilla Ftp Over Tls

Posted onby admin

Generate Certificate (FTP over TLS) To accept TLS Connections FileZilla needs the next actions: create a new private key and generate a self signed certificate. Among the FileZilla options, select the SSL/TLS Settings. Tick Enable FTP over TLS support (FTPS) box. Open the admin interface, and go to settings. Choose FTP over TLS settings, and choose to generate a new certificate. The two digit country code can be found by searching the web (United States is just US - it can be confusing that two digit can be two letters, and not necessarily two numbers only).

Filezilla: The server’s certificate is unknown error prevents you from connecting to your server over secure FTP connection.

As now all is moving to https it’s also good to enable SSL/TLS for FTP to protect plain text login credentials.

As you can see on the above screenshot, the server SSL certificate seems to be expired, even though we know that this is not the case.

Obviously the FTP server is pulling the the wrong certificate.

Step #1: Find the SSL Server Configuration File

Let’s click on “Status” of the FTP Server:

This is what we see:

From this wee see that the configuration file is

Step #2: Find The SSL Certificate File Used By FTP Server

You can see it on the following line:

Step #3: Examine The SSL Certificate File

Let’s enter the following date in the SSH Console or Putty:

As we can see, the certificate contained in this file expired on Jan 4, 2020

This expiration date matches the date shown in red on Filezilla (see featured image of this post).

Step #4: Install SSL for FTP

Filezilla Ftp Over TlsFilezilla ftp over tls failed to retrieve directory listing

Our instruction will guide you to install and configure pure-ftpd to use SSL/TLS.


Hostname certificate needs to be already installed, check that these files exist:

In this case

  • Main SSL folder = /etc/pki/tls/
  • Certificate folder = /etc/pki/tls/certs/
  • Private key folder = /etc/pki/tls/

Create Certificate File for pure-ftpd

Warning: Make sure the above paths, file names and extensions are fully correct.

The above commands simply create a hostname.pem file by merging your host’s private key and its certificate.

Then the permission is set to 600.

Step #5: Failed To Retrieve Directory Listing (Explicit FTP over TLS)

Unless you modify your server settings, you will get this error:

Status: Connection established, waiting for welcome message…
Password required for user
Command: PASS *********
Logged on
Status: Connected
Status: Retrieving directory listing…
Command: MLSD
Error: Failed to retrieve directory listing

Therefore the following steps are needed:

Open /etc/pure-ftpd/pure-ftpd.conf

To to allow FTP and TLS sessions, set TLS to 1:

Then remove the # in front of the following 2 lines and make sure they point to the right file:

Set Passive Port Range in PureFTPD:

Filezilla Ftp Over Tls

and save the altered configuration file.

Note: On some servers you may be unable to directly edit the configuration file. In that case download it from the server, edit it in Notepad and re-upload it.

Now configure the firewall to accept incoming connections on CSF firewall.

You can do the following steps:

Filezilla Tls Version

  1. Edit /etc/csf/csf.conf and look for the line that begins with: TCP_IN
  2. add 60000:60100 to TCP_IN section.
  3. Reload the config in the firewall