Knowledge Essentials - 3Essentials Hosting

Configuring your FTP client for FTPS

Article ID: 1249

 Back to Search

The following provides instructions for enabling the use of FTPS (FTP over SSL) on common FTP clients.   See the bottom of this article for how to verify you have made a secure connection.

SHARED HOSTING customers with a Dedicated IP address:

- Your FTP configuration is separate from the primary shared IP, therefore before you use FTPS, you'll need to submit a support request asking us to configure the passive port range for the FTP server for your Dedicated IP address, before you can use FTPS (you can actually connect, you just wouldn't be able to retrieve a directory listing).

- Anywhere it states to use the hostname of the server, you should instead use your dedicated IP address.

Other related Articles you may find helpful:

*FTP over SSL is not available on the following servers: web14, web12, web10, web8, web6, web4, web2, web5, web7.  If you are hosted on one of these servers and wish to use FTPS for file transfer, please contact our Sales team about current hosting plans and migrating to a new server.

 

WSFTP
-----------------
WSFTP versions tested: WSFTP Pro
(note WSFTP Home does not support FTPS)

Launch the Connection Wizard, and set the following parameters:
- SiteName: (set to anything you wish to call the connection)
- Connection Type: FTP/SSL (AUTHSSL)
- Server Address: ftp.yourdomain.com (replace yourdomain.com with your actual domain)

  - NOTE: If you are hosted on web34, you must specify web34.3essentials.com for the server/host. If you have a dedicated IP address assinged to your site, use that.

- Username: your FTP username
- Password: your FTP password
Click the button for ADVANCED settings, which will open the SITE OPTIONS for this connection.
In the left pane, select ADVANCED and set these parameters:
- USE PASSIVE MODE FOR DATA CONNECTIONS: enable
(all other defaults on this page should be fine)
In the left pane, select ADVANCED:SSL and make sure these options are set as follows:
- USE TLSv1 ONLY: enable
- USE UNENCRYPTED COMMAND CHANNEL AFTER SSL AUTH: disabled
- USE UNECRYPTED DATA CHANNEL: disabled

Click OK/SAVE to save changes.

Click the CONNECT button to launch the connection.

You will be prompted with a pop-up regarding NON-TRUSTED CERTIFICATE, select the option to TRUST THIS CERTIFICATE and click OK.

CoreFTP
-----------------
CoreFTP versions tested: LE v2.1

In Site Manager, set the following parameters:
- SiteName: (set to anything you wish to call the connection)
- host: ftp.yourdomain.com (replace yourdomain.com with your actual domain)


  - NOTE: If you are hosted on web34, you must specify web34.3essentials.com for the server/host. If you have a dedicated IP address assinged to your site, use that.

- Username: your FTP username
- Password: your FTP password
- port: 21
- PASV: enable
- Connection: AuthTLS
SSL Options:
- SSL Listings: enabled
- SSL transfer: enabled

Click CONNECT to launch the connection.  You will be prompted with the Certificate information, click the ALWAYS ACCEPT button.

FileZilla

-----------------
FileZilla version tested: 3.7.3

In Site Manager, set the following parameters in the "General Tab":
- host: yourdomain.com

  - NOTE: If you are hosted on web34, you must specify web34.3essentials.com for the server/host. If you have a dedicated IP address assinged to your site, use that.


- User: your FTP username
- Password: your FTP password
- port: 21
- Encryption: Require explicit FTP over TLS

 

Generic FTP client instructions:
-----------------
ftp server/host: ftp.yourdomain.com (replace yourdomain.com with your actual domain)

  - NOTE: If you are hosted on web34, you must specify web34.3essentials.com for the server/host. If you have a dedicated IP address assinged to your site, use that.


port: 21
active/passive mode: passive (PASV) or epassive (EPASV)
FTPS/security options: the option for enabling FTPS may be called any of the following:
- AuthTLS
- AuthSSL
- FTP over SSL Explicit
- SSL Explicit
- AuthSSL-Explicit
(where specified, do not chose the "Implicit" option, only the "Explicit" option)

When making your connection, if you receive warning about the certificate, select the option to allow use of the certificate despite the warning.

 


 

 Verifying your FTPS connection was successfully made in a secure manner:

 When testing an FTPS connection… you can confirm you used SSL by checking the FTP log in your FTP client for the AUTH command (either AUTH SSL or AUTH TLS)… Here’s an example of what FireFTP logs for an FTPS connection:

220 WEB16.3Essentials.com FTPserver ready...
       AUTH TLS
234 AUTH command ok; starting SSL connection.
       PBSZ 0
200 PBSZ=0
       USER someuser
331 Password required for someuser.
       PASS (password not shown)
230 User someuser logged in.

Versus what it logs for a standard FTP connection:

220 WEB16.3Essentials.com FTPserver ready...
       USER someuser
331 Password required for somuser.
       PASS (password not shown)
230 User someuser logged in.

Notice the AUTH TLS command was the FIRST thing that was sent by the FTP client software to the FTP server – and the SSL connection was then negotiated and set up BEFORE the user/pw was even sent.

 

 
Downloads Associated With This Article
No downloads are currently associated with this article.