Setting up Serv-U to allow for secure connections is quite simple. It offers a variety of secure connection types, including FTPS (FTP secured over SSL), HTTPS (HTTP secured over SSL), and SFTP (file transfer over SSH, available in Serv-U Gold/Corporate only). To configure FTPS/SFTP secured connections, follow the steps below:

Configuring Serv-U for FTPS and HTTPS

• Navigate to the Domain Details | Listeners menu and ensure that an FTPS or HTTPS listener is entered. If it is not, click on "Add" and add the appropriate listener
• Navigate to Limits & Settings | Create and specify SSL and SSH...

  

• Specify the details requested in the "SSL Certificate" menu
  • The "Certificate Path" is the path to your .crt certificate file
  • The "Private Key Path" is the path to your .key private key file
  • The "Password" is the password you selected to protect your private key
  • If you have Serv-U Corporate or Serv-U Gold, the "CA (Certificate Authority) Certificate Path" allows you to specify a .pem file for the Intermediate Certificate if required by your CA.

  

• Click Save, and make sure your FTPS and/or HTTPS listener(s) are configured

NOTE: If you have received a signed certificate from a verified certificate authority, instead of creating a certificate you can specify the .crt certificate file path and the .key private key file path by using the "Browse" buttons on this page.

Extracting Private Key From .PFX Files

In some cases, some Certificate Authorities may issue certificates that bind the certificate and private key into one file. In order to use this certificate in Serv-U, the certificate and private key must be extracted into separate files and then used, via the directions below:

1. Open the IIS certificate manager
2. Export the certificate to a PFX file (make sure strong encryption is not selected when exporting).
3. Install OpenSSL on your server
4. Run the following commands:
   • openssl pkcs12 -in .pfx -clcerts -nokeys -out .crt
   • openssl pkcs12 -in .pfx -nocerts -out .key
5. Using the .crt and .key files generated above, install the certificate into Serv-U

Configuring Serv-U For SFTP

SFTP is another way of securely transferring files that creates a secured SSH2 tunnel to transfer files, and is only available in Serv-U Gold/Corporate Edition. This connection is secured using a private key that is configured in Serv-U by using the following directions:

• Navigate to the Domain Details | Listeners menu and ensure that an SFTP listener is entered. If it is not, click on "Add" and add the appropriate listener
• Navigate to Limits & Settings | Create and specify SSL and SSH...

  

• Select "Create Private Key"
• Enter the password to secure the Private Key
• Enter the key type - DSA is more commonly supported, but RSA is also available
• Select the Key Length - the longer the key, the more secure the connection, but shorter keys will allow for faster processing of files
• The Output Path can usually be your installation directory

  

Configuring FTPS In Serv-U 6.x

Serv-U 6.x and older only support FTPS. To configure FTPS in Serv-U 6.x, follow the directions below:

• Open the Serv-U Administrator and then select Local Server | Settings.
• Select the SSL Certificate tab. If you do not see an SSL Certificate tab confirm that you are running either Serv-U Standard Secure, Serv-U Professional, or Serv-U Corporate.
• On this tab customize the information fields to match your information.
• Select the domain you have setup in Serv-U. You will see a "Security" drop down menu.
• Select the type of connections you want to allow. The options are Regular FTP only, no SSL/TLS sessions (Standard FTP only), Allow SSL/TLS and regular sessions (SSL/TLS Explicit), and Allow only SSL/TLS sessions (SSL Implicit).

After selecting one of the SSL options, Serv-U will allow secure connections.

When using SSL, we recommend using FTP Voyager. FTP Voyager and Serv-U use the same libraries for the secure connection, and have been tested together extensively.

NOTE: if your FTP Client can connect with a regular session, but not with SSL enabled then we would recommend checking if there are any NAT enabled device between the FTP Client and Serv-U. The NAT translation is not able to understand the encrypted data being sent between the client and server and thus corrupts the data connection. Currently the only work arounds are to disable the NAT functionality or move Serv-U or the FTP Client in front of the NAT enabled device.