Use Let's Encrypt to protect your FTP server

Fri 04 January 2019 | article

A brief history of FTP (in)security

The FTP protocol as used today was defined in 1985 (RFC 959) based on a design created in 1971.

It was designed without taking security into consideration. All transmissions are in clear text, including username, password, and actual transferred data. All FTP communication can be easily intercepted by anyone able to capture your local or Internet traffic.

This problem is common to many of the Internet Protocol specifications (Telnet, SMTP, IMAP, etc.) that were designed prior to the creation of encryption mechanisms such as SSL or TLS.

In 1997 (RFC 2228), the FTP protocol was extended, and specifications for using secure connections were set in place. The end result is what is commonly known as the FTPS protocol.

The FTPS protocol is also sometimes referred to as Secure FTP or FTP over SSL. All these names refer to the same protocol extension.

FTPS should not be confused with the SFTP protocol, a secure file transfer subsystem for the Secure Shell (SSH) protocol. FTPS is not compatible with SFTP.

Upgrade the security of your legacy FTP server

With the widespread popularity of wireless networks, it is easier than ever to monitor network traffic, and therefore to capture usernames, passwords, and actual data sent over the plain old FTP protocol.

Until recently, in order to secure public FTP servers using TLS you had to buy and manually install an X.509 / SSL certificate from one of the trusted certificate authorities. A certificate was typically valid for 1 or 2 years, and the process of buying, obtaining, and then installing a new certificate was slow and painful, as most steps required manual intervention.

With the creation of the Let's Encrypt certificate authority, you can now automatically get a TLS certificate at no extra cost in a matter of seconds.

When you switch to FTPS, the usernames, passwords, and actual data transferred by your FTP server are protected using the latest security standard.
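To check that a session really received this protection, the sketch below audits an FTP control-channel session log and reports credentials sent before TLS was negotiated and transfers made without data-channel protection. It is an added example, not code from the original article or from SFTPPlus; the session logs are constructed, and it assumes explicit FTPS, where the log records the AUTH, PBSZ and PROT commands of RFC 2228.

```python
# Constructed session logs: "C:" is a client command, "S:" a server reply.
PLAIN_SESSION = """\
C: USER alice
S: 331 Password required
C: PASS example-password
S: 230 Logged in
C: RETR report.csv
S: 150 Opening data connection
"""

FTPS_SESSION = """\
C: AUTH TLS
S: 234 Proceed with negotiation
C: USER alice
S: 331 Password required
C: PASS example-password
S: 230 Logged in
C: PBSZ 0
S: 200 PBSZ=0
C: PROT P
S: 200 Protection level set to Private
C: RETR report.csv
S: 150 Opening data connection
"""

CREDENTIAL_CMDS = {"USER", "PASS", "ACCT"}
TRANSFER_CMDS = {"RETR", "STOR", "STOU", "APPE", "LIST", "NLST", "MLSD"}

def audit_session(log):
    """Return findings for one FTP control-channel session log."""
    findings = []
    control_tls = False   # set when the server accepts AUTH (reply 234)
    data_private = False  # set when the server accepts PROT P (reply 200)
    pending = None        # last client command still awaiting its reply
    for line in log.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            verb, _, arg = text.partition(" ")
            pending = (verb.upper(), arg.strip().upper())
            if pending[0] in CREDENTIAL_CMDS and not control_tls:
                findings.append(f"{pending[0]} sent in clear text")
            if pending[0] in TRANSFER_CMDS and not data_private:
                findings.append(f"{pending[0]} data channel not encrypted")
        elif side == "S" and pending:
            if pending[0] == "AUTH" and text.startswith("234"):
                control_tls = True
            elif pending[0] == "PROT" and text.startswith("200"):
                data_private = pending[1] == "P"
            pending = None
    return findings
```

A session that negotiates TLS on the control channel but never sends PROT P is still flagged, because the transferred files would travel unencrypted on the data channel.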

Let's Encrypt and FTPS

Let's Encrypt (sometimes shortened as LetsEncrypt) is a certificate authority that provides SSL/X.509 certificates at no charge.

SFTPPlus can automatically and seamlessly request certificates for HTTPS and FTPS file transfer services. You only need to configure the domain name, and SFTPPlus will take care of the rest. There is no need to use external tools like letsencrypt.exe or to copy files into paths like /etc/letsencrypt or C:\sites\wwwroot.

For technical details on Let's Encrypt in general, and on using it with an FTPS server in particular, consult the dedicated article.

If you have decided to use Let's Encrypt, check our dedicated documentation page to see how to enable Let's Encrypt for your FTP server.

This resource is written as of SFTPPlus version 3.43.0.

Evaluate SFTPPlus MFT

The features listed in this article are only a selection of the many integration and configuration options available today. Talk to the support team about your requirements for data exchange software.

SFTPPlus MFT Server supports FTP, Explicit FTPS, Implicit FTPS, SFTP, SCP, HTTP, and HTTPS.

SFTPPlus MFT is available as an on-premise solution supported on Windows, Linux, and macOS.

It is also available in the cloud as Docker containers, AWS or Azure instances, and on many other cloud providers.

Request a trial version using the form below.