1. Internet Information Services 7.0 installed.
2. Windows Server 2008 or Vista.
3. Download FTP Publishing Service 7.5
- mkdir “c:\inetpub\ftproot\ftp.mydomain.com”
- cacls “c:\inetpub\ftproot\ftp.mydomain.com” /G administrators:F /T /E
- cacls “c:\inetpub\ftproot\ftp.mydomain.com” /G username:F /T /E
C Change (write)
F Full control
Before installing FTP Publishing Service 7.5 over IIS 7.0 be sure that you uninstall any previous versions of FTP Publishing Service.
- When the installation program of Microsoft FTP Service for IIS 7.0 begins, click Next.
- Accept the End-User License Agreement and click Next.
- Select the features you want to be installed and click Next.
- Click Install to begin the installation.
- At the end click Finish.
Creating the Certificate
After the installation finishes we open Internet Information Services 7.0 Manager and we select Server Certificates to create a self-signed SSL certificate. Another option is to create a certificate request to process with a 3rd party SSL provider which is recommended for production systems as they are from a trusted root.
Click on Create Self-Signed Certificate…
Specify a certificate name and click OK:
Creating the FTP Site
Right click the Sites node in the tree and click Add FTP Site…
On the Add FTP Site wizard add the FTP site name and select the path we created in the prerequisites and click Next.
On the next page of the wizard we click the Require SSL option and we choose our SSL Certificate then we click Next.
On the next page of the wizard we select Basic for Authentication and on Allow access to we select specified users and we define our backup ftp account with read and write permissions then we click on Finish. In case we want to allow anonymous ftp connections select Anonymous authentication and on Permissions we select the Read.
Configure the Firewall
If we are behind a firewall we should configure the FTP Firewall Support under Internet Information Services Manager and configure our firewall ports to accept passive connections on the ports we specify. In case we want to use dynamic port range under Data Channel Port Range we enter port range “0-0?.
Configure the FTP Client (FileZilla for example)
Configure FTP Client to connect to our FTP Site using FTP over explicit TLS/SSL.
In case you get “534 Local policy on server does not allow TLS secure connections.” error this is because we need to select an SSL certificate at the Server Level.