Create FTPS server on Windows Server IIS in 5 minutes - sithum devops

Sithum Jayarathna
4 min read · Feb 12, 2020


Create an FTP over SSL (FTPS) server on Windows Server 2019. Each user can access their own directory but not the directories of other users. I'm creating this on AWS, but you can create it in any cloud or on an on-premises server.

1. Go to Server Manager and select Add roles and features.

2. Select Web Server (IIS) and FTP Service

3. Go to Windows Defender Firewall, click Allow an app or feature through Windows Defender Firewall, then Allow another app. Add svchost.exe (Host Process for Windows Services) and allow it along with FTP Server.

4. Open PowerShell and create a self-signed certificate using the following command. If you already have a PFX certificate for the domain, you may install it now instead.
New-SelfSignedCertificate -FriendlyName "selfsigned-localhost" -CertStoreLocation cert:\localmachine\my -DnsName localhost

Self-signed certificates created from IIS itself won't work with Windows Server 2019 FTPS servers.

5. Create a folder to store files and a separate sub-folder for each user.

6. Go to Computer Management, Local users and groups, create a new group named FTPS_Users.

7. Create the users who need access to FTPS and add them to the group you created. Use strong passwords to make it secure.

(In case you are confused, the usernames of the two users I created are organization1 and organization2)

8. Open IIS manager and go to FTP Firewall Support.

9. Add the data channel port range 41200-41300, add the server's public IP to the External IP field, and click Apply.

10. Delete the Default Web Site if the server is dedicated to FTPS. Right-click on Sites and select Add FTP Site. Give the site a meaningful name, set the physical path to C:\inetpub\ftproot, and set the other settings as follows.

IP: All Unassigned
Port: 990
Check: Start FTP site automatically
SSL: Require SSL
SSL Certificate: The certificate we created/installed previously.

Click Next and use the following settings.

Authentication: Basic
Authorization: Specified roles or user groups
Group: FTPS_Users
Permissions: Read, Write

11. Select the site you just created and Add Virtual Directory.
Alias: LocalUser
Physical path: C:\FTPS or the folder you created to store files.

12. Select the site once again and go to FTP User Isolation.

Select: User name directory (disable global virtual directories)
and click Apply.

13. Open Windows Services and restart the Microsoft FTP Service. It's easier than restarting the whole server.

Open FileZilla or your favourite FTP client and connect to the server. Test it with multiple users.

You should get a certificate warning if you selected the self-signed certificate. The connection and file transfers are still secured with SSL encryption, so you can check Always trust certificate in future sessions once the fingerprint shown in the warning matches the thumbprint of the certificate you created in step 4.
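To confirm that the site really serves the certificate from step 4, the following added example (not part of the original post) runs on the server, performs a TLS handshake against port 990 and compares the presented certificate with the one in the machine store. The function names are hypothetical; the friendly name, host name and port are the values used in this walkthrough.

```powershell
# Added example: check which certificate the FTPS site presents on port 990.
# Function and parameter names are illustrative, not from the original post.
function Get-Sha256Fingerprint {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { $hash = $sha.ComputeHash($Certificate.RawData) } finally { $sha.Dispose() }
    # Colon-separated hex, easy to compare with an FTP client's warning dialog
    ($hash | ForEach-Object { $_.ToString('x2') }) -join ':'
}

function Test-FtpsCertificate {
    param(
        [string]$ServerName   = 'localhost',             # DnsName from step 4
        [int]$Port            = 990,                     # port chosen in step 10
        [string]$FriendlyName = 'selfsigned-localhost'   # FriendlyName from step 4
    )
    # Certificate we expect the site to use, looked up in the machine store
    $expected = @(Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.FriendlyName -eq $FriendlyName })
    if ($expected.Count -ne 1) {
        throw "Expected one certificate named '$FriendlyName', found $($expected.Count)."
    }

    $client = [System.Net.Sockets.TcpClient]::new()
    $ssl = $null
    try {
        $client.Connect($ServerName, $Port)
        # The callback accepts any certificate only so that it can be inspected;
        # the trust decision is the thumbprint comparison further down.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($ServerName)
        $presented = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        $protocol = $ssl.SslProtocol
    } finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }

    [pscustomobject]@{
        Matches     = ($presented.Thumbprint -eq $expected[0].Thumbprint)
        Sha1        = $presented.Thumbprint
        Sha256      = Get-Sha256Fingerprint -Certificate $presented
        NotAfter    = $presented.NotAfter
        TlsProtocol = $protocol
    }
}

Test-FtpsCertificate | Format-List
```

Matches should be True, and the Sha1 or Sha256 value is what to compare against the fingerprint in the client's certificate warning.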
