6

This question is about "FTP over SSL". If I understand correctly, FTPS and HTTPS are just the standard FTP and HTTP protocols running on top of SSL. Is this correct?

The actual question is: is the certificate that you use for FTPS the exact same one that you can use for HTTPS, or are there any differences?

To give you some context, I need to get a certificate for an FTPS server. I know I can generate one, but it needs to be from a certificate authority. I just need to make sure that I can use the same type of certificate that we use here for HTTPS; otherwise I need to know what type of certificate I need to get.

BlackTigerX
  • According to an entry in the Let's Encrypt forum, [you can use normal Let's Encrypt certificates for FTPS](https://community.letsencrypt.org/t/ftp-le-ftps/18804/3?u=uwekeim), too. – Uwe Keim Aug 10 '18 at 14:19

2 Answers

8

Both FTPS and HTTPS use the same basic kind of certificate (SSL server certificate). However, depending on your software you may need it in a different format, such as pkcs8 instead of x509. There are ways to convert between those formats (openssl command-line stuff, mostly). Odds are high that clients are using the same libraries for the SSL portions of FTPS as for HTTPS; same for the servers.

I'm not doing any FTPS, but I can tell you that we use the exact same formats of certificates for HTTPS, IMAPS, IMAP+TLS, SMTP+TLS, LDAPS, LDAP+TLS, etc...

freiheit
  • +1. Correct, all SSL/TLS server programs use a Server Authentication enabled certificate to secure the connection. Additional requirements may be imposed by the protocol, but https and ftps do not need anything special. – Chris S Jun 16 '10 at 02:53
  • For HTTPS we use IIS, for FTPS we want to use FileZilla, so the tools are very different. FileZilla doesn't have a way to generate the CSR file that I need: http://serverfault.com/questions/151531/how-to-generate-a-csr-for-verisign-for-use-with-filezilla-in-windows – BlackTigerX Jun 16 '10 at 20:20
3

As far as I know you use exactly the same type of SSL certificate (a server certificate, actually). Of course the certificate will have to be issued for the correct hostname of your FTP server.

You don't need a certificate from a "root certification authority" (the ones that come preinstalled on every system) unless you need to use the established PKI to prove your identity - i.e. if you use it for internal use and check the certificate fingerprint to prove identity, there's no need for an external CA, and the certificate will then enable you to encrypt traffic anyway.

Luke404
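
The workflow the two answers describe, as an added example that is not part of either answer or of any poster's own code: generate a key and CSR with OpenSSL independently of the server software, convert the result between containers, then check the server-authentication purpose, the hostname and the fingerprint. The hostname `ftp.example.test`, the file names and the PKCS#12 password are constructed placeholders, and the self-signing step stands in for issuance by a CA.

```shell
#!/bin/sh
# Added example. Hostname, file names and password are constructed placeholders.
set -eu
HOST="ftp.example.test"
WORK="$(mktemp -d)"

make_request() {    # key + CSR; the CSR is what you would send to the CA
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$HOST" \
        -keyout "$WORK/key.pem" -out "$WORK/server.csr" 2>/dev/null
}

issue_cert() {      # stand-in for the CA: self-sign with server-cert extensions
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$HOST" \
        > "$WORK/ext.cnf"
    openssl x509 -req -in "$WORK/server.csr" -signkey "$WORK/key.pem" -days 30 \
        -sha256 -extfile "$WORK/ext.cnf" -out "$WORK/cert.pem" 2>/dev/null
}

convert_formats() { # same key and certificate, different containers
    openssl pkcs8 -topk8 -nocrypt -in "$WORK/key.pem" -out "$WORK/key.pk8.pem"
    openssl x509 -in "$WORK/cert.pem" -outform DER -out "$WORK/cert.der"
    openssl pkcs12 -export -inkey "$WORK/key.pem" -in "$WORK/cert.pem" \
        -passout pass:constructed-example -out "$WORK/bundle.p12"
}

server_auth_ok() {  # certificate is acceptable for TLS server authentication
    openssl x509 -in "$WORK/cert.pem" -noout -purpose |
        grep -q '^SSL server : Yes'
}

host_ok() {         # $1 = name clients connect to
    openssl x509 -in "$WORK/cert.pem" -noout -checkhost "$1" |
        grep -q 'does match'
}

fingerprint() {     # $1 = PEM or DER, $2 = certificate file
    openssl x509 -inform "$1" -in "$2" -noout -fingerprint -sha256 | cut -d= -f2
}

make_request
issue_cert
convert_formats
if server_auth_ok && host_ok "$HOST"; then
    echo "certificate is a TLS server certificate valid for $HOST"
fi
echo "SHA-256 fingerprint: $(fingerprint PEM "$WORK/cert.pem")"
```

The fingerprint is computed over the DER encoding of the certificate, so it is identical for the PEM and DER files and is the value to compare out of band when no external CA is involved.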