Administration allows you to configure the Administration interface server.
The Administration interface contains two tabs: the Connection tab, where you can add or remove the IP addresses and ports it will listen on; and the Connection security tab, where you can set up the TLS minimum allowed version and certificate.
Setting Up Listeners
FileZilla Server listens to connections from the Administration interface on the port displayed in the Local listening port field at the top of the Connection tab. You can modify the port number. If you do remember to update accordingly the Port number in the connection dialog when you start the Administration Interface.
Using the Password field you can set an administration password.
If you don’t set the administration password, for security reasons FileZilla Server listens onl on Local listening port. If you set a password, you can set FileZilla Server to listen on different addresses.
If you want FileZilla Server to listen to a new address, click on the Add button on the right. A new row will be added to the table, you need to enter the IP address in the first column and the port in the second column.
Selecting one or more rows in the table and clicking the Remove button on the right will delete those rows.
Setting Up Connection Security
The Connection security allows you to set the required minimum TLS version; and to install a new X.509 certificate, choosing one of the following options:
- Install a certificate provided by a third party;
- Generate a new self-signed certificate, like the one that FileZilla Server creates for you at installation time;
- Generate a certificate using Let’s Encrypt®.
Note: To use a newly chosen certificate you must either click the Apply or OK button at the bottom of the settings dialog.
Manually provide a certificate created by a third party
To install a third parties’ TLS certificate, upload the relevant private key and certificate chain files to a location where FileZilla Server has access. Then, enter the paths and, if required by your certificate, the password. The files must be in PEM format. Sometimes, both the private key and the certificates chain are in the same file: in that case, just enter the path to that file in both the key and certificate field.
Generate a new self-signed certificate
To generate a new self-signed certificate, click on the Generate new button. A new dialog will ask you to enter the Distinguished Name and the applicable hostnames for the new certificate. Both the fields can be left empty.