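Download the certificate files and save them on the server machine that runs FileZilla FTP Server.
Assume the directory D:\apps\server\TLS\wuxiancheng.cn\ contains two files, certificate.crt and private.key, where certificate.crt holds the server certificate (public key) and private.key holds the server certificate's private key.
Run FileZilla Server Interface.exe and go to Edit -> Settings -> FTP over TLS settings.
Select Enable FTP over TLS support (FTPS). To allow only encrypted FTPS access to the FTP server, also select Disallow plain unencrypted FTP.
Under X.509 Certificate, set Private key file to D:\apps\server\TLS\wuxiancheng.cn\private.key and Certificate file to D:\apps\server\TLS\wuxiancheng.cn\certificate.crt. The certificate and the private key can also be stored in a single file, in which case both settings are set to the same path.
You can also configure Explicit and implicit FTP over TLS: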
Allow explicit FTP over TLS (default: yes)
Note: Explicit FTP over TLS shares the normal ftp port configured on the General settings page.
Listen for implicit FTP over TLS on the following ports (default: 990)
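Implicit FTPS is more secure than explicit FTPS. Explicit FTPS uses the FTP port set under General settings -> Connection settings -> Listen on these ports; implicit FTPS uses port 990 by default, and a different port number can be specified. Note that the server automatically listens on the port number set for explicit FTPS, but that port must not be added to the FileZilla Server listening port list under General settings -> Connection settings -> Listen on these ports; otherwise the error Failed to bind the listen socket on port %d to the following IPs: *** is reported.
Select both items under File transfer security to make sure file transfers are secure: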
These settings need to be enabled for file transfers to be secure.
√Force PROT P to encrypt file transfers when using FTP over TLS.
√Require TLS session resumption on data connection when using PROT P.
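
To confirm from a client that the settings above took effect, the following added example (not part of the original page or of FileZilla) uses Python's standard ftplib to check that an unencrypted login is refused and that the server rejects a downgrade of the data channel to PROT C. The function names, the "probe" user name and the audit() arguments are assumptions for illustration; the host passed in must be the name the certificate was issued for.

```python
import ftplib
import ssl

def plain_login_refused(ftp, user="probe"):
    """ftp: connected, unencrypted ftplib.FTP.
    True if USER is rejected with a 5xx reply, which is what
    'Disallow plain unencrypted FTP' should cause."""
    try:
        ftp.sendcmd("USER " + user)      # a 331 reply means plain login is possible
    except ftplib.error_perm:            # 5xx: refused before TLS
        return True
    return False

def prot_c_refused(ftps):
    """ftps: ftplib.FTP_TLS after login().
    True if the server refuses a clear-text data channel (PROT C),
    which is what 'Force PROT P' should cause."""
    ftps.voidcmd("PBSZ 0")               # RFC 4217: PBSZ must precede PROT
    try:
        ftps.prot_c()
    except ftplib.error_perm:            # 5xx, e.g. 534 per RFC 4217
        return True
    return False

def audit(host, user, password, port=21, timeout=10):
    """Run both checks against the explicit FTPS port (hypothetical helper)."""
    results = {}
    plain = ftplib.FTP()
    plain.connect(host, port, timeout=timeout)
    try:
        results["plain_login_refused"] = plain_login_refused(plain)
    finally:
        plain.close()
    # Default context validates the certificate chain and the host name.
    ftps = ftplib.FTP_TLS(context=ssl.create_default_context())
    ftps.connect(host, port, timeout=timeout)
    try:
        ftps.login(user, password)       # sends AUTH TLS before USER/PASS
        results["tls_version"] = ftps.sock.version()
        results["prot_c_refused"] = prot_c_refused(ftps)
    finally:
        ftps.close()
    return results
```

Both plain_login_refused and prot_c_refused should be True on a server configured as described; audit() raises ssl.SSLCertVerificationError if the certificate does not validate for the given host name.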