Did you know: Configure Client Certificate Mapping in FTP 7.5 - Part 3

by Vivek 3/4/2010 9:06:00 AM

In this post, we will create an FTP site on IIS and configure it to use client certificates.

Create FTP Site:

  1. Open IIS Manager and right-click the Sites folder.
  2. Click Add FTP Site…
  3. Enter the FTP site name and select the Physical path for the site, then click Next.
  4. Select Binding and SSL settings as shown. I have selected the Server Certificate we requested above, “newftpsite”, under SSL Certificate. Click Next.
  5. We won’t be selecting any Authentication methods here. Under Authentication select All Users and select Read, Write permissions. Click Finish.

Create User home directory:

  1. Right click on the FTP Site (newftpsite), click Explore
  2. Create a folder with the domain name (in our case contoso)
  3. Create a folder with the user name (bmayer in our case)
  4. Right click on the folder (bmayer) and click Properties
  5. Click Security, click Advanced
  6. Click Change Permissions…
  7. Uncheck Include inheritable permissions from this object’s parent, click Add
  8. Select Users, CREATOR OWNER and TrustedInstaller and click Remove
  9. Click OK twice
  10. Click Edit…
  11. Click Add… and add user name (bmayer)
  12. Give Modify permission for the account
  13. Click OK twice

Let us now quickly verify FTP Settings:

FTP Authentication

FTP Authorization Rules

FTP SSL Settings

FTP User Isolation
We have selected User name directory (disable global virtual directories)

Let us now examine applicationHost.config and enable client certificates for the FTP site. There is no UI to enable client certificates, so we will need to add the text below.

<sslClientCertificates clientCertificatePolicy="CertRequire" useActiveDirectoryMapping="true" />
and
<clientCertAuthentication enabled="true" />

<site name="newftpsite" id="2">
    <application path="/">
        <virtualDirectory path="/" physicalPath="C:\inetpub\ftproot" />
    </application>
    <bindings>
        <binding protocol="ftp" bindingInformation="*:21:" />
    </bindings>
    <ftpServer>
        <security>
            <ssl serverCertHash="1AB9D34BE5F01B3A213FFEAE1556E180B8BB7BAE" ssl128="true" controlChannelPolicy="SslRequire" dataChannelPolicy="SslRequire" />
            <sslClientCertificates clientCertificatePolicy="CertRequire" useActiveDirectoryMapping="true" />
            <authentication>
                <anonymousAuthentication enabled="false" />
                <basicAuthentication enabled="false" />
                <clientCertAuthentication enabled="true" />
            </authentication>
        </security>
        <userIsolation mode="IsolateAllDirectories">
            <activeDirectory />
        </userIsolation>
    </ftpServer>
</site>
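Because these settings are edited by hand, a quick check that the saved file really matches the configuration above is useful. The following is an added example, not part of the original post: a small Python audit that treats the post's settings as the baseline. The function names, the second site "weakftp" and the placeholder certificate hash are constructed for illustration.

```python
import xml.etree.ElementTree as ET
# Constructed sample: the <site> element from the post (certificate hash replaced
# by a placeholder) plus a deliberately weak second site for contrast.
SAMPLE = """<sites>
  <site name="newftpsite" id="2">
    <bindings><binding protocol="ftp" bindingInformation="*:21:" /></bindings>
    <ftpServer><security>
      <ssl serverCertHash="PLACEHOLDER" ssl128="true" controlChannelPolicy="SslRequire" dataChannelPolicy="SslRequire" />
      <sslClientCertificates clientCertificatePolicy="CertRequire" useActiveDirectoryMapping="true" />
      <authentication>
        <anonymousAuthentication enabled="false" />
        <basicAuthentication enabled="false" />
        <clientCertAuthentication enabled="true" />
      </authentication>
    </security></ftpServer>
  </site>
  <site name="weakftp" id="3">
    <bindings><binding protocol="ftp" bindingInformation="*:2121:" /></bindings>
    <ftpServer><security>
      <ssl controlChannelPolicy="SslAllow" dataChannelPolicy="SslAllow" />
      <authentication><basicAuthentication enabled="true" /><clientCertAuthentication enabled="true" /></authentication>
    </security></ftpServer>
  </site>
</sites>"""

def attr(site, path, name, default):
    # Assumption: only the <site> element is read; inherited siteDefaults are ignored.
    node = site.find("ftpServer/security/" + path)
    return default if node is None else node.get(name, default)

def audit_ftp_sites(xml_text):
    """Return {site name: [findings]} for every site that has an ftp binding."""
    report = {}
    for site in ET.fromstring(xml_text).iter("site"):
        if not any(b.get("protocol") == "ftp" for b in site.iter("binding")):
            continue
        findings = []
        for channel in ("controlChannelPolicy", "dataChannelPolicy"):
            if attr(site, "ssl", channel, "") != "SslRequire":
                findings.append(channel + " is not SslRequire")
        if attr(site, "sslClientCertificates", "clientCertificatePolicy", "") != "CertRequire":
            findings.append("client certificate is not required")
        for method in ("anonymousAuthentication", "basicAuthentication"):
            if attr(site, "authentication/" + method, "enabled", "false").lower() == "true":
                findings.append(method + " is enabled")
        if attr(site, "authentication/clientCertAuthentication", "enabled", "false").lower() != "true":
            findings.append("clientCertAuthentication is not enabled")
        report[site.get("name")] = findings
    return report
```

An empty findings list means the site matches the post's configuration; to audit a real server, pass the text of the `<sites>` section of applicationHost.config instead of `SAMPLE`.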

OK, so we are good for today. Next, we will install a user certificate, map it to an account, and then test FTPS using a client. Stay tuned…

Hope this helps,
Vivek Kumbhar



Disclaimer

The opinions expressed herein are our own personal opinions and do not represent our employer's view in any way.
© Copyright 2014, Rahul Soni