Setting Up FTP Listeners and Connection Security

The FTP Server configuration panel contains two tabs: the Connection tab where you can add or remove the IP addresses and ports it will listen on, and the supported protocol; the Connection security tab you can set up the TLS minimum allowed version and certificate to be used by the FTPS connection.

Note: The Configuration dialog does not allow you to set up listeners on the same address and port used by the Administration interface. If the configuration file contains an address/port collision for some reason, the administration listener will prevail, so that it would be possible to change the FileZilla Pro Enterprise Server’s configuration and resolve the conflict.

Setting Up Listeners

At first the FTP Server is already configured to listen on port 21 on all IPs v4 and IPs v6 (0.0.0.0:21 and [::]:21).

To set a new address and port the FTP Server will listen on, go to the Connection tab and click the Add button on the right. A new row will be added to the table on the left, and you must fill in the required information. Enter the IP address in the first column and the port in the second column. Select the appropriate FTP protocols in the third.

Selecting one or more rows in the table and clicking the Remove button will delete those rows.

Setting Up Connection Security

The Connection security allows you to set the required minimum TLS version; and to install a new X.509 certificate, choosing one of the following options:

  • Install a certificate provided by a third party;
  • Generate a new self-signed certificate, like the one that FileZilla Server creates for you at installation time;
  • Generate a certificate using Let’s Encrypt®.

Note: To use a newly chosen certificate you must either click the Apply or OK button at the bottom of the settings dialog.

At the bottom of the tab you’ll find the information related to the newly chosen certificate.To set up
Connection Security go to Protocol settings › FTP and FTP over TLS (FTPS).

Manually provide a certificate created by a third party

To install a third parties’ TLS certificate, upload the relevant private key and certificate chain files to a location where FileZilla Server has access. Then, enter the paths and, if required by your certificate, the password. The files must be in PEM format. Sometimes, both the private key and the certificates chain are in the same file: in that case, just enter the path to that file in both the key and certificate field.

Generate a new self-signed certificate

To generate a new self-signed certificate, click on the Generate new button. A new dialog will ask you to enter the Distinguished Name and the applicable hostnames for the new certificate. Both the fields can be left empty. If left empty the Distinguished Name will be populated with CN=filezilla-server self signed certificate.

Generate a certificate using Let’s Encrypt®

To generate a certificate using Let’s Encrypt®, you must first set up the generic Let’s Encrypt® configuration. If you’ve not done that yet, a button will display the text Set up Let’s Encrypt® options first and clicking it you will be redirected to the relevant page. For further info about how to set up Let’s Encrypt® please consult Configuring Let’s Encrypt®.

Once the Let’ Encrypt® options are set up, click on the Generate new button. A new dialog will ask you to enter applicable hostnames for the new certificate. This field is mandatory and cannot be left empty.

Custom welcome message

To set up a custom welcome message click on the Welcome message tab, then enter the text you want to be displayed.

Tags: , ,