Setting up a sFTP server to be used with an existing Domino SSL certificate

With the new way of creating SSL certificates for Domino, a new opportunity occurred to me, and it actually worked great. Because we create the certificates using OpenSSL, the generated key and certificate can be used on the same server to set up an FTPS server. Sadly, because the Domino FTP server on OpenNTF.org doesn't support FTPS, I had to use the FileZilla server. The setup was super simple.

Run the setup

Go into the settings and enable FTP over SSL, then select your .key file and the certificate file that you got back from your certifier. Also check the other option to force all connections to the server to be FTPS.

FileZilla Server Settings

And now you have an FTPS server that can deliver external content to your Domino server. The last thing you need to set up is the users and groups that should be able to connect to the server.

Update: Paul Farris commented that this is an SSL-based FTP server, not an SSH-based one, so the real name should be FTPS, not sFTP.
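A pre-flight check for the step above, added here as an example and not part of the original post: it confirms that the private key and the certificate you are about to select in FileZilla Server belong together and that the certificate is not about to expire. It assumes the `openssl` command-line tool that was used to create the certificate, an unencrypted PEM key and a POSIX shell; the function names and the 30-day default are illustrative.

```shell
#!/bin/sh
# Added example: verify a key/certificate pair before loading it into an
# FTPS server. Paths are whatever you pass in; nothing here is FileZilla-specific.

# Print the SHA-256 digest of the public key derived from a private key file.
key_pub_digest() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$pub" ] || return 1      # never hash empty output
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Print the SHA-256 digest of the public key embedded in a certificate.
cert_pub_digest() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# check_pair KEY CERT [SECONDS]
# Returns 0 if KEY matches CERT and CERT stays valid for SECONDS more
# (default 30 days), 1 on mismatch, 2 on unreadable input, 3 if expiring.
check_pair() {
    key=$1
    cert=$2
    window=${3:-2592000}
    kdig=$(key_pub_digest "$key") || { echo "cannot read private key: $key"; return 2; }
    cdig=$(cert_pub_digest "$cert") || { echo "cannot read certificate: $cert"; return 2; }
    if [ "$kdig" != "$cdig" ]; then
        echo "MISMATCH: private key does not belong to this certificate"
        return 1
    fi
    if ! openssl x509 -in "$cert" -noout -checkend "$window" >/dev/null; then
        echo "EXPIRING: certificate is not valid for another $window seconds"
        return 3
    fi
    echo "OK: key matches certificate (public key sha256=$kdig)"
}

# Run directly as: sh check_pair.sh server.key server.crt
if [ "$#" -ge 2 ]; then
    check_pair "$@"
fi
```
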

7 Comments on "Setting up a sFTP server to be used with an existing Domino SSL certificate"

Paul Farris
Guest

Hi Fredrik, Thanks but this is an FTPS server (FTP over SSL), not SFTP. SFTP is FTP over SSH, which FileZilla server does not support.

Jesse Gallagher
Guest

That’s always a fun distinction to try to make extremely clear when talking to clients about file transfers. They’re both fine, but entirely different in implementation!

Fredrik
Guest

Actually what I meant was that you can reuse the certificate in the FileZilla server.

Jeroen
Guest

To be honest, it is not a good idea to use Domino’s https anymore to the web. Domino downgrades this to SSL3 (POODLE bug) and there are, afaik, no plans to upgrade to TLS.

There is a huge problem now that admins are rolling out policies disabling SSL3 on the browsers, totally killing access to Domino hosted websites. We rushed in haproxy as a front end and ditched the archaic keyring format while we were at it.

You can do the same (but only on Windows servers) installing IHS straight from the Domino install CD.

Jeroen
Guest

Well, you have to admit implementing TLS 1.0 (!) in November 2014 is seriously late to the game. And I am not being argumentative. And this comes from a true Domino fan.

Fredrik, I think your item started off with starting a certificate chain with openssl with the intention of moving to FTP, but ALSO to a keyring. You even called it a Domino certificate in the title? Am I wrong in understanding you really did mean moving the resulting keyring file to the Domino http engine?
