Manage the FTP server

In this topic you will learn how to:

Add an FTP server

To add an FTP server, go to the extended Server Control page and, on the FTP Servers pane, click Actions > Add Server.

The following table presents all parameters and expected values associated with your new FTP server.

Field Description
General
Server Name

Enter a unique name for your server.

Enable FTP

Select to enable FTP transfers. You must select this option if you want to enable secure FTP (FTPS) transfers.

Enable FTPS

Select to enable FTPS transfers.

Caution: When uploading files to SecureTransport Server via FTPS, the FTP client must signal that the transfer is complete by sending a TLS close_notify message. If the client does not send close_notify, the file transfer fails. You can prevent this failure by setting the configuration option Ftp.Ssl.requireCloseNotify to false, but this makes the server susceptible to TLS truncation attacks, because it can no longer tell a completed upload from one whose connection was cut short.

Enable FIPS

Select to enable FIPS transfer mode for FTPS connections.

Selecting this option makes the Enabled FIPS Ciphers field editable.

Port

Enter the port number of your FTP or FTPS server.

Host

Enter the IP address of your external FTP (or FTPS) host server. Leave this option blank if you do not need an external host.

SSL Settings

SSL Key Alias

Select an SSL Key Alias from the drop-down list, for example, ftpd.

Enabled Protocols

Enter a comma-separated list of SSL protocol versions.

Default value for newly created FTPS servers after updating to SecureTransport 5.5-20210930: TLSv1.2, TLSv1.3.

Default value for existing FTPS servers: TLSv1, TLSv1.1, TLSv1.2. For instructions on how to enable TLSv1.3 protocol support, refer to the SecureTransport 5.5 Security guide.

Note: TLS v1.3 no longer supports DSA certificates. If a server is configured to use DSA certificates and TLS v1.3 is enabled on both the client and the server, the handshake fails.

Key Algorithm

Enter the Key Algorithm (SunX509 by default). Note that with SecureTransport running on AIX systems, the default value is IbmX509.

SSL Protocol

Enter the SSL protocol group to use: SSL or TLS (TLS by default). Note that with SecureTransport running on AIX systems, the default value is SSL_TLS.

SSL Trust Algorithm

Enter the SSL Trust Algorithm (SunX509 by default). Note that with SecureTransport running on AIX systems, the default value is IbmX509.

Enabled Ciphers

Enter the cipher suites to be used with your FTPS server.

For more information on cipher suites, refer to the SecureTransport Cipher suites topic, part of the SecureTransport 5.5 Security guide.

Enabled FIPS Ciphers

Modify the cipher suite set to be used with your FTP server in FIPS mode.

By default, this field is populated with all FIPS compliant TLS cipher suites supported by SecureTransport. For the complete list, see Advertised ciphers and cipher suites.

Click the "down arrow" icon on the right to access a drop-down menu with options to select and deselect all items, reset to defaults, and reload the previously saved selection.

For the default FTP server, the list of allowed cipher suites in FIPS mode is determined by the Ftp.FIPS.Listeners.Ssl.EnabledCipherSuites configuration option.

Client Certificate

This drop-down list presents the options to define support for certificate use for FTP authentication. Possible values are:

  • Disabled – no certificate authentication is required
  • Required – the client must authenticate using a certificate
  • Optional – the client can authenticate either using a certificate or a password

FTP Passive Mode

Base Port

Enter the passive mode base port (0 by default: this means that SecureTransport will use a random port for FTP passive mode transfers).

Number of Ports

The passive mode port range.

Once you have finished entering the parameters of your FTP server, click Save to create it, or Cancel to discard all changes and return to the Server Control page.
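
The cautions and notes in the table above can be checked before a server definition is saved. The following Python check is an added example, not part of SecureTransport or its documentation; the dictionary keys and finding codes are hypothetical names for the form fields and related settings, and both sample definitions are constructed.

```python
# Added example: audit one FTP server definition against the table's notes.
# The keys are hypothetical; values are copied by hand from the Add Server form.
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}


def audit_ftp_server(cfg):
    """Return a sorted list of finding codes for one server definition."""
    findings = set()
    raw = cfg.get("enabled_protocols", "")  # comma-separated, as in the form
    protocols = {p.strip() for p in raw.split(",") if p.strip()}
    if cfg.get("enable_ftps") and not cfg.get("enable_ftp"):
        # Enable FTP must be selected for FTPS transfers to be enabled.
        findings.add("FTPS_WITHOUT_FTP")
    if cfg.get("enable_ftp") and not cfg.get("enable_ftps"):
        # Plain FTP only: credentials and file data travel unencrypted.
        findings.add("CLEARTEXT_ONLY")
    if cfg.get("enable_ftps"):
        if protocols & LEGACY_PROTOCOLS:
            # Servers created before the update default to TLSv1 and TLSv1.1.
            findings.add("LEGACY_TLS")
        if "TLSv1.3" in protocols and cfg.get("certificate_key_type") == "DSA":
            # TLS v1.3 no longer supports DSA certificates: handshake fails.
            findings.add("DSA_WITH_TLS13")
        if cfg.get("require_close_notify") is False:
            # Ftp.Ssl.requireCloseNotify=false exposes uploads to truncation.
            findings.add("TRUNCATION_EXPOSED")
    return sorted(findings)


# Constructed sample: an existing server with TLSv1.3 added to its old
# protocol list, a DSA key behind the alias, and close_notify not required.
LEGACY_SERVER = {
    "enable_ftp": True, "enable_ftps": True,
    "enabled_protocols": "TLSv1, TLSv1.1, TLSv1.2, TLSv1.3",
    "certificate_key_type": "DSA", "require_close_notify": False,
}
# Constructed sample: a server using the default protocol list for new servers.
NEW_SERVER = {
    "enable_ftp": True, "enable_ftps": True,
    "enabled_protocols": "TLSv1.2, TLSv1.3",
    "certificate_key_type": "RSA", "require_close_notify": True,
}

if __name__ == "__main__":
    for name, cfg in (("legacy", LEGACY_SERVER), ("new", NEW_SERVER)):
        print(name, audit_ftp_server(cfg))
```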

Start and stop a server

You can easily start and stop your FTP server.

  • Start your server by clicking the "play" icon. A box with a success message pops up on your screen and your server status changes to Running.
  • To stop your server, click the "stop" icon. A box with a success message pops up on your screen and your server status changes to Stopped.

You can only start the FTP daemon once the Ftp Default server is operating (enabled). Stopping the daemon stops all underlying started servers. During daemon start, only the enabled servers are started. In the case of FTP, an "enabled server" means that you have at least selected the Enable FTP option.

Edit FTP server settings

You can change any of the FTP server property values. Note that you can change the server name only when the server is stopped. To update an FTP server, click the corresponding "gear" icon.

A new modal box with the FTP settings pops up. Make your changes and click Save to apply them, or Cancel to discard them.

Delete an FTP server

Note: You cannot delete or change the name of the "Ftp Default" server from the SecureTransport Administration Tool.

You can only delete a server once it is stopped. You cannot delete a server in Running status.

To delete a server, locate it on the Server Control page, make sure it is stopped, and click the corresponding "trashcan" icon.
