6.1 Ensure FTP requests are encrypted - Control Channel Sites


The new FTP Publishing Service for IIS supports adding an SSL certificate to an FTP site. Using an SSL certificate with an FTP site is also known as FTP-S or FTP over Secure Socket Layers (SSL). FTP-S is an RFC standard (RFC 4217) where an SSL certificate is added to an FTP site and thereby making it possible to perform secure file transfers.

By using SSL, the FTP transmission is encrypted and secured from point to point and all FTP traffic as well as credentials are thereby guarded against interception.


To secure an existing FTP site using a SSL Certificate, a certificate must first be installed on the system. Production systems should always use a third party certificate from a trusted root, such as VeriSign. Once that certificate is installed for use in IIS, follow the steps below to configure the FTP site for SSL:
1. Open IIS Manager, select the FTP server and choose FTP SSL Settings in the Features View pane
2. Under the SSL Certificate dropdown, choose the SSL certificate to be configured for use
3. In the SSL Policy section, click the radio button next to Require SSL connections; it is important to require SSL, because allow SSL still permits non-SSL FTP
4. Click Apply in the Actions pane

See Also


Item Details


References: 800-53|SC-8(1)

Plugin: Windows

Control ID: 791702fbd471f5439948cbc6e2505d8dcbc440ca771cceda059664bcfead845a