Set up SSL client certificate authentication with AD in TurboFTP FTPS/HTTPS Server

Overview

One way to strengthen the logon process of an HTTPS/FTPS (secure FTP) server is to use SSL client certificate authentication. This step-by-step guide shows how to configure Active Directory, TurboFTP Server and the client to use certificates.

Export RootCA certificate from CA console

  1. Open Active Directory Certification Authority console.

  2. Right-click on the CA and choose Properties.

  3. On the General tab click View Certificate.

  4. Click the Copy to File button.

  5. Leave the default file format and click Next.

  6. Click Browse and provide a path where the CA certificate will be stored.

  7. Click Next and confirm the export operation. Once the certificate is exported you will see an affirmative message.

Import RootCA certificate to TurboFTP Server

  1. In TurboFTP Server console click on Local Server.

  2. Switch to SSL Certs tab and click Import.

  3. Provide a name and path to the certificate and click OK.

Create TurboFTP SSL Server certificate

  1. Click on the New button to create an SSL certificate (on the server).

  2. Provide a certificate name and passphrase (other options can be left at their default values).

  3. Provide Certificate Subject Information.

  4. Click Next and the certificate will be generated.

Configure TurboFTP Server to accept secure SSL connections

  • Click on FTP Server, go to the Connection tab, enable the Allow Explicit SSL for FTP or Allow Explicit TLS for FTP check boxes and select the appropriate certificates.

Enroll clients for certificates

To automatically enroll clients for certificates in a Windows domain environment, use Group Policy certificate auto-enrollment, following the official guide from Microsoft.

Please note this is only an example of setting up SSL client certificate authentication for users in TurboFTP Server. This authentication function is not limited to Active Directory users or bound to Windows Certification Authority. You can use a third-party CA certificate and create and distribute client certificates signed by that CA to users, who can come from any authentication source that is supported by TurboFTP Server.
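Before distributing client certificates, you can confirm offline that each one chains to the root CA certificate you exported and imported. The script below is an added example, not part of TurboFTP's documentation: it assumes the `openssl` command-line tool is installed, and the CA names, the user name alice and all file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. Constructed names: "Example Root CA", "Other CA", user "alice".
set -eu

# make_ca DIR CN: self-signed CA standing in for the root imported on the SSL Certs tab.
make_ca() {
    mkdir -p "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# issue_client CA_DIR CN OUT: writes client key OUT.key and certificate OUT.pem signed by that CA.
issue_client() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$3.key" -out "$3.csr" 2>/dev/null
    printf 'extendedKeyUsage=clientAuth\n' > "$3.ext"
    openssl x509 -req -in "$3.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 90 -extfile "$3.ext" -out "$3.pem" 2>/dev/null
}

# der_to_pem IN OUT: the Windows export wizard's default format is DER (.cer),
# while openssl verify reads PEM.
der_to_pem() { openssl x509 -inform DER -in "$1" -out "$2"; }

# chains_to CA_PEM CERT_PEM: succeeds only if CERT chains to CA and is valid for TLS client auth.
chains_to() { openssl verify -CAfile "$1" -purpose sslclient "$2" >/dev/null 2>&1; }

# demo: prints one line per certificate; returns 0 only if both outcomes are as expected.
demo() {
    d=$(mktemp -d)
    make_ca "$d/root" "Example Root CA"
    make_ca "$d/other" "Other CA"
    issue_client "$d/root" alice "$d/alice"
    issue_client "$d/other" alice "$d/untrusted"   # same CN, different issuer
    # Simulate the exported .cer, then convert it the way you would the real export.
    openssl x509 -in "$d/root/ca.pem" -outform DER -out "$d/rootca.cer"
    der_to_pem "$d/rootca.cer" "$d/rootca.pem"
    rc=0
    if chains_to "$d/rootca.pem" "$d/alice.pem"; then echo "alice: chains to root"; else rc=1; fi
    if chains_to "$d/rootca.pem" "$d/untrusted.pem"; then rc=1; else echo "untrusted: rejected"; fi
    rm -rf "$d"
    return "$rc"
}

demo
```

With a real deployment, run `der_to_pem` on the exported root CA file and `chains_to` on each user certificate; a certificate carrying the right subject name but issued by a different CA fails the check.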