FTP SSL/TLS Frequently Asked Questions
SSL/TLS is the same kind of encryption system used
by 'https' web pages.
When you use SurgeFTP with our SSLFTP client, the control and data connections are fully encrypted so no one can spy on the data or your commands or your password, as is possible with all non encrypted FTP sessions.
It comprises a set of three protocols, TLSv1, SSLv2
and SSLv3. The oldest is SSLv2 and hardly used
nowdays, TLSv1 is very similar to SSLv3 and only
considered marginally better.
Yes! All current and future versions of SurgeFTP support SSL/TLS
SurgeFTP is distributed with a sample certificate. For high level security you should consider getting your own server certificate. This means that clients can be sure that they are talking to 'your' server and not just someone pretending to be your server.
A script is provided. Create a DOS/Shell window and run the script file and answer the questions
Windows: cd ...\surgeftp surgeftp_ca.cmd YOUR.SERVER.NAME Other: cd .../surgeftp ./surgeftp_ca.sh YOUR.SERVER.NAME Answer all the questions, and type in a pass phrase several times while generating the key.
This will create a file SERVER.NAME.csr
Paste request.pem into a CA registration form at
a site that provides CA services, e.g.
SurgeFTP uses OpenSSL encryption / decryption libraries for SSL.
When they send you the actual key, save it as surge_cert.pem in the main SurgeFTP directory. Also, copy the privkey.pem file into the same directory and call it surge_priv.pem. e.g.
copy privkey.pem surge_priv.pem copy (signedkeyfromCA) surge_cert.pem
Then restart surgeftp.
SurgeFTP is distributed with SSLFTP, a simple command line client very similar to the standard UNIX/DOS 'FTP' client. e.g.
c:> sslftp my.server Username: xxx Password: yyy sslftp> dir sslftp> get important.dat sslftp> quit
This same client is
available for multiple platforms.
After installing SurgeFTP the SSLFTP, install script is left in the main SurgeFTP directory, sslftp_install.exe. You can distribute this to any systems that need to install the SSLFTP client, as it is a self extracting archive to install the command line utility.
There is no fee charged for the use of SSLFTP, it is freely distributable.
Please note: SSLFTP is only currently licensed for use with SurgeFTP servers, but it will work with any in a pinch. This means that we will fix any bug with SSLFTP if it cannot talk with SurgeFTP. We cannot gaurantee that we can fix problems with it not talking to other FTP servers.
(Note2: sslftp.exe was originally called sftp.exe. It was re-named to avoid conflicts)