FlashFXP Forums - View Single Post - ioftpd as a service

Smirnoff · 04-29-2008, 10:03 AM

Hello,

I'm running ioftpd 6.4.3.
I have an official company certificate and need to implement ioftpd as a service (as we need a FTPS only site for some customers)
From the KB (https://oss.azurewebsites.net/pages/en.ioftpd-kb.php) i can see how to create and install a certificate in this case but I would need to use the official one (from digicert if that matters)

Thanks for your help
Smirnoff

In case of for the lazy among us:

Q: How can I install a SSL certificate from ioFTPD running as a service ?
A: This will allow you to use SSL with an ioFTPD server installed as a service running as LOCAL SERVICE account.

First, make sure you have those two variables in your etc\ioftpd.env:

SYSTEMDRIVE=%[environment(SYSTEMDRIVE)]
SYSTEMROOT=%[environment(SYSTEMROOT)]

- Restart ioFTPD if you had to change your ioftpd.env.

- (Optional) Install ioFTPD as a service (see here). You should not use the "Log on as This account" option in the service options.

- Disable all SSL functions (simply commenting the Certificate_Name lines would do).

- Place the makecert.exe & certmgr.exe in a directory that you can access from your FTP. Both executables can be downloaded directly from Microsoft (choose the x86 link).

- Create a .bat file in the same directory, which would contain:
makecert.exe -r -n "CN=YOUR_CERT_NAME_HERE" -b 01/01/2004 -e 01/01/2006 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr CurrentUser -a sha1 -sk YOUR_CERT_NAME_HERE -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12

- Login your FTP and execute your .bat file through a SITE EXEC command:
SITE EXEC your.bat

This will create AND install the certificate. It will be automatically added to the certificate store. You won't get any .cer file.

- Re-enable SSL in ioFTPD.ini (use YOUR_CERT_NAME_HERE in your configuration) and restart ioFTPD.exe.

04-29-2008, 10:03 AM
Smirnoff Junior Member Join Date: Mar 2004 Posts: 10	ioftpd as a service - how to configure an official certificate Hello, I'm running ioftpd 6.4.3. I have an official company certificate and need to implement ioftpd as a service (as we need a FTPS only site for some customers) From the KB (https://oss.azurewebsites.net/pages/en.ioftpd-kb.php) i can see how to create and install a certificate in this case but I would need to use the official one (from digicert if that matters) Thanks for your help Smirnoff In case of for the lazy among us: Q: How can I install a SSL certificate from ioFTPD running as a service ? A: This will allow you to use SSL with an ioFTPD server installed as a service running as LOCAL SERVICE account. First, make sure you have those two variables in your etc\ioftpd.env: SYSTEMDRIVE=%[environment(SYSTEMDRIVE)] SYSTEMROOT=%[environment(SYSTEMROOT)] - Restart ioFTPD if you had to change your ioftpd.env. - (Optional) Install ioFTPD as a service (see here). You should not use the "Log on as This account" option in the service options. - Disable all SSL functions (simply commenting the Certificate_Name lines would do). - Place the makecert.exe & certmgr.exe in a directory that you can access from your FTP. Both executables can be downloaded directly from Microsoft (choose the x86 link). - Create a .bat file in the same directory, which would contain: makecert.exe -r -n "CN=YOUR_CERT_NAME_HERE" -b 01/01/2004 -e 01/01/2006 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr CurrentUser -a sha1 -sk YOUR_CERT_NAME_HERE -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 - Login your FTP and execute your .bat file through a SITE EXEC command: SITE EXEC your.bat This will create AND install the certificate. It will be automatically added to the certificate store. You won't get any .cer file. - Re-enable SSL in ioFTPD.ini (use YOUR_CERT_NAME_HERE in your configuration) and restart ioFTPD.exe.