Set up SSL client certificate authentication with AD in TurboFTP FTPS/HTTPS Server
  • Home
  • TurboFTP Server
  • Tutorials
  • Set up SSL client certificate authentication with AD in TurboFTP FTPS/HTTPS Server

SSL client certificate authentication in TurboFTP FTPS/HTTPS Server

One of the approaches to strengthen the security of HTTPS/FTPS (secure FTP) server's logon process is to use SSL client certificate authentication. This step-by-step guide will show you how to configure Active Directory, TurboFTP Server, and the Client to use certificates.

Table of Contents

1. Export RootCA certificate from CA console

  1. Open the Active Directory Certification Authority console.

    Active Directory Certification Authority console window

  2. Right-click on the CA and choose Properties.

    Right-clicking the CA to access properties

  3. On the General tab, click View Certificate.

    General tab of CA properties showing the View Certificate button

  4. Click on the Copy to File button to initiate the export wizard.

    Certificate export wizard: Copy to File button

  5. Leave the default file format and click Next.

    Selecting the default certificate export file format

  6. Click Browse and provide a local path where the CA certificate will be stored.

    Saving the exported CA certificate file

  7. Click Next and confirm your export operation. Once finished, you will see an affirmative success message.

    Successful certificate export confirmation message

2. Import RootCA certificate to TurboFTP Server

  1. In the TurboFTP Server management console, click on Local Server.

  2. Switch to the SSL Certs tab and click Import.

    Importing a certificate into TurboFTP Server SSL Certs tab

  3. Provide a name and the file path to the certificate, then click OK.

    Specifying the certificate file for import

3. Create TurboFTP SSL Server certificate

  1. Click on the New button to create a new SSL certificate for the server.

    Clicking New in SSL Certs to generate a new certificate

  2. Provide a certificate name and passphrase (default values are usually sufficient for other options).

    Setting the certificate name and private key passphrase

  3. Provide the Certificate Subject Information (Organization, Common Name, etc.).

    Entering certificate subject and issuer details

  4. Click Next to generate the certificate file.

    Finalizing the generation of the server SSL certificate

4. Configure TurboFTP Server to accept secure SSL connections

  • Click on FTP Server, navigate to the Connection tab, and enable Allow Explicit SSL for FTP or Allow Explicit TLS for FTP. Select the appropriate certificates from the dropdown menus.

    Enabling SSL/TLS on the domain connection settings

5. Deploy User Certificates

To automatically enroll clients for certificates in a Windows domain environment, use Group Policy certificates auto-enrollment by following the official Microsoft guide.

Note: This is a guide for setting up SSL client certificate authentication. This function is not limited to Active Directory users. You can use any third-party CA certificate and distribute client certificates signed by the CA to users regardless of their authentication source (Internal Database, ODBC, LDAP, etc.).