2

I'm in the process of setting up two IIS 7.5 FTP web sites (which are both up and running normally), both of which have FTPS set up on them. For this example:

Site 1 is called foo.com. This site has its own SSL that was applied to the website and FTP site. Both the FTP site and web site are working normally (and securely). The FTPS site is configured to connect to the root of the website.

Site 2 is called foo1.com. This site has a secondary SSL separate from site 1 that was applied to the website and is working normally. On attempts to set up the FTPS site for site 2, the GUI install goes as normal, but on attempts to connect to the server from a different server on the network, Filezilla comes back with 'Connection timed out' and 'Could not connect to server' messages.

I've played with different ports and firewall settings and I am not able to connect to the server on site 2.

Am I running into a limitation of IIS here with two different FTPS servers using two different certificates or am I missing something here?

Techie Joe
  • Are the FTPS sites running on different ports? Are you using host headers with the sites? – phoebus Apr 02 '13 at 20:21
  • I've configured the server to different ports; right now Site 2 is configured to port 990 and Site 1 is configured to port 21. I have a host header configured for site 2 and have tried it without a host header. All variations of configurations yield the same 'Connection Timed out' and 'Could not connect to server' messages. – Techie Joe Apr 02 '13 at 22:07
  • I've also tried disabling the firewall and still can't connect to the server. The packets are leaving my test server and do not arrive at the destination server. – Techie Joe Apr 02 '13 at 23:17

1 Answer

2

I solved this problem by looking at a bunch of different pieces of documentation on setting up FTPS for IIS 7.5. The problem wasn't that I was creating a second FTPS site with different configurations than the first FTPS site but making sure that the FQDN/host name in the SSL and the host header for the FTPS site match up exactly while making sure:

1) Filezilla had 'Require implicit FTP over TLS' enabled but the 'hostheader|username' format was filled out for the username.

2) Making sure that the server/website name/fqdn in the FTP setup matches the host headers/FQDN in your SSL certificate. One of the most misleading pieces of information in the documentation I found was that hostheaders had to have 'ftps' or something like that for it to work in Filezilla.

3) that the second FTPS site was configured for a separate port from site 1 (site 1 is configured for port 21 and site 2 is configured for port 990)

The best piece of information I found to guide you in the future is this tutorial:

Setup FTPS on IIS 7.5 Using Host Headers Tutorial

Techie Joe
  • I had been trying to do this from the Filezilla client. I had the username formatted correctly "HostHeader|UserName" but my SSL certificate didn't match. I kept getting `530 Valid hostname is expected.` and I didn't correlate that to the SSL certificate's host header. Changing to another hostheader/binding that matched the SSL cert worked perfectly, thank you! – Chris Magnuson Aug 18 '16 at 12:21
  • Link is broken. – RenniePet Dec 25 '17 at 10:02
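
A pre-flight check for the match the answer describes, as an added example that is not part of the original post: it verifies that the host part of a 'HostHeader|UserName' login, the FTP site's host header binding, and the DNS names in the bound certificate all agree. The function names are hypothetical, the certificate is assumed to be a dict shaped like the output of Python's `ssl.SSLSocket.getpeercert()`, and the sample values are constructed from the site names in the question.

```python
# Added example: check that login host, FTP binding host and certificate names agree.
# Function names are hypothetical; all sample values below are constructed.

def split_login(login):
    """Split a 'HostHeader|UserName' login into (host, user); host is None if absent."""
    host, sep, user = login.partition("|")
    return (host.lower(), user) if sep else (None, login)

def cert_dns_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert() output.
    subjectAltName entries win; the subject commonName is only a fallback."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v.lower() for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one leftmost label."""
    if pattern.startswith("*."):
        label, _, rest = host.partition(".")
        return bool(label) and rest == pattern[2:]
    return pattern == host

def check_site(login, binding_host, cert):
    """Return a list of problems; an empty list means the three names line up."""
    host, _user = split_login(login)
    if host is None:
        return ["login has no 'HostHeader|' prefix"]
    problems = []
    if host != binding_host.lower():
        problems.append(f"login host {host!r} != FTP binding host {binding_host!r}")
    names = cert_dns_names(cert)
    if not any(name_matches(n, host) for n in names):
        problems.append(f"certificate names {names} do not cover {host!r}")
    return problems

# Constructed sample: site 2 from the question, certificate issued for foo1.com.
SAMPLE_CERT = {"subject": ((("commonName", "foo1.com"),),),
               "subjectAltName": (("DNS", "foo1.com"), ("DNS", "www.foo1.com"))}

if __name__ == "__main__":
    for login, binding in [("foo1.com|joe", "foo1.com"),
                           ("ftps.foo1.com|joe", "ftps.foo1.com")]:
        print(login, "->", check_site(login, binding, SAMPLE_CERT) or "OK")
```
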