Exporting an SSL Certificate from IIS to use in FileZilla FTP Server

FileZilla is a free, open source FTP
server (there is also a client) with SSL/TLS support.

I wanted to use my real SSL Certificate that I had for my website to secure the communication
to my FTP Server and couldn't find any instructions on how to do so. After a little
searching and some trial and error this is the solution I have come up with. I hope
someone finds this useful.

The real certificate was set up and installed in IIS6, so the first step is to export
the cert from IIS. The Directory Security tab in the properties section of your website
in IIS has a button labelled "Server Certificate" which will launch the Web Server
Certificate wizard. Once the wizard launches, click next and choose the option "Export
the current certificate to a .pfx file":

Enter the name and the path of the file and click next. Choose a password to encrypt
the exported file with and click next, then finish.

The program I used to convert the certificate is called XCA and
can be downloaded from SourceForge.
Once you have XCA installed, launch the application, and under the certificates tab
select "Import PKCS#12" and browse to the .pfx file that was exported from IIS:

It will prompt you for the password to decrypt the .pfx file, and you will need to
use the password chosen when you exported it from IIS. In the next dialog, choose "import
all".
You should now see an entry under the keys tab named "unnamed" and an entry under
the certificates tab for your imported certificate.

Now we are going to export the key file and certificate file required by FileZilla.
To export the key, select the "unnamed" key and choose export. Check the option to encrypt
the key with a password; the format will be PEM:

Then export the certificate in the PEM format also:

The final step is to configure FileZilla to use your key and certificate. Browse to
the key and certificate files and enter the password you used to encrypt your key:

FileZilla will now use your real SSL Certificate and you will be able to secure your
FTP communications to your server!
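
A quick way to sanity-check the two exported PEM files before pointing FileZilla at them, as an added example that is not part of the original post. It only reads the PEM block labels (no cryptographic verification); `check_pem_pair` and the sample blocks are hypothetical and constructed, containing no real key material.

```python
import base64
import re

# One PEM block: BEGIN line, optional header lines, base64 body, matching END line.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def inspect_pem(text):
    """Return (certificate_count, key_state); key_state is None, "plain" or "encrypted"."""
    certs, key_state = 0, None
    for label, body in PEM_BLOCK.findall(text):
        if label == "CERTIFICATE":
            certs += 1
        elif label == "ENCRYPTED PRIVATE KEY":      # PKCS#8 protected by a password
            key_state = "encrypted"
        elif label.endswith("PRIVATE KEY"):         # PKCS#8 or traditional RSA/EC key
            # The traditional format flags encryption in a header line.
            key_state = "encrypted" if "Proc-Type: 4,ENCRYPTED" in body else "plain"
    return certs, key_state

def check_pem_pair(key_text, cert_text, password_entered):
    """Hypothetical pre-flight check for the key file, certificate file and password."""
    notes = []
    _, key_state = inspect_pem(key_text)
    certs, _ = inspect_pem(cert_text)
    if key_state is None:
        notes.append("key file has no private key block")
    elif key_state == "encrypted" and not password_entered:
        notes.append("key is encrypted but no password was supplied")
    elif key_state == "plain":
        notes.append("private key is stored unencrypted; restrict access to the file")
    if certs == 0:
        notes.append("certificate file has no certificate block")
    elif certs == 1:
        notes.append("certificate file has one certificate and no CA chain")
    return notes

def _block(label, headers=""):
    # Constructed placeholder body, not real key or certificate material.
    body = base64.b64encode(b"constructed sample, not real key material").decode()
    return f"-----BEGIN {label}-----\n{headers}{body}\n-----END {label}-----\n"

ENC_KEY = _block("RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n")
LEAF = _block("CERTIFICATE")
COMBINED = LEAF + _block("PRIVATE KEY")       # one file holding certificate and key
CHAIN = LEAF + _block("CERTIFICATE")          # leaf followed by an intermediate

if __name__ == "__main__":
    print(check_pem_pair(ENC_KEY, LEAF, password_entered=False))
    print(check_pem_pair(COMBINED, COMBINED, password_entered=False))
    print(check_pem_pair(ENC_KEY, CHAIN, password_entered=True))
```

An empty list means the files have the expected shape; it does not prove that the key belongs to the certificate.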

  • Anthony Selby

    It still says the server is unknown because GoDaddy isn't known

  • duckworth

    Most likely the client computer doesn’t have GoDaddy’s root certificate authority as a trusted CA. You should be able to include the whole chain in the certificate file. GoDaddy should supply the intermediary CAs in a file gd_bundle.crt when you buy your cert from them.

  • asugianto

    I did all that, but FileZilla Server couldn’t load the key. What did I do wrong?

  • duckworth

    Are there any error messages in FileZilla’s log file?

  • Zack F.

    Instead of exporting the key and certificate separately as PEM, try exporting the certificate to the format “PEM Cert + key”. Use this file for both the Key and Certificate fields in the FileZilla settings and leave the password blank. This seems to work for me.

  • Lohnesjc

    I am using FTP on 2008 R2. This helps with FileZilla Server, but I need it to be applied to the FileZilla client, yet nothing is working. I tried to use PuTTY by adding in the crt but I get an error: couldn’t load private key (file does not begin with openSSH key header). So is there any way to have the crt have an OpenSSH key, so I can use PuTTY to convert it to ppk?

  • http://twitter.com/glcardenas Gilberto Cardenas

    You must clear “Encrypt the key with the password”. It should be fine :)

  • Wmainhardt

    I installed XCA but I can’t click on Import PKCS#12 (or any other item) because they are all grayed out.

  • http://illdata.com duckworth

    You have to create/open an XCA database first.

  • Ron Michael

    FYI, the latest versions of XCA (.9 as of today) are in some ways very different from the instructions described above. In fact XCA no longer appears to let you export a private key. I had to download an older version (.6) to get this to work.

  • Bryonics

    It does let you export a key, from the ‘Private Keys’ tab.