FTP SSL/TLS Frequently Asked Questions

What is SSL/TLS and how secure is it?

SSL/TLS is the same kind of encryption system used by 'https' web pages.
It is generally considered to be the most (if not the only) secure method for sending sensitive information across the internet, and is the basis of all e-commerce security systems used today.

When you use SurgeFTP with our SSLFTP client, the control and data connections are fully encrypted, so no one can spy on the data, your commands or your password, as is possible with all unencrypted FTP sessions.

It comprises a set of three protocols: TLSv1, SSLv2 and SSLv3. The oldest is SSLv2, which is hardly used nowadays; TLSv1 is very similar to SSLv3 and is considered only marginally better.
These protocols are all enabled in SurgeFTP and SSLFTP; when a connection is opened in SSL mode, the underlying SSL library chooses the best protocol. The three protocols are referred to as "SSL/TLS" or simply "ssl", which stands for "Secure Sockets Layer".

Does my version of SurgeFTP support SSL/TLS?

Yes! All current and future versions of SurgeFTP support SSL/TLS.

How to generate a Certification Authority Request to get a CA signed key

SurgeFTP is distributed with a sample certificate. For high level security you should consider getting your own server certificate. This means that clients can be sure that they are talking to 'your' server and not just someone pretending to be your server.

A script is provided. Open a DOS/shell window, run the script file and answer the questions.

Windows:
	cd ...\surgeftp
	surgeftp_ca.cmd YOUR.SERVER.NAME

Other:
	cd .../surgeftp
	./surgeftp_ca.sh YOUR.SERVER.NAME

Answer all the questions, and type in a pass phrase several times while generating the key.

This will create a file SERVER.NAME.csr

Paste request.pem into a CA registration form at a site that provides CA services, e.g.

http://www.verisign.com/
http://www.abaecom.com/
http://www.digsigtrust.com/
http://www.e-certify.com/
http://www.entrust.net/
http://www.equifax.com/
http://www.globalsign.com/
http://www.tc-trustcenter.com/
http://www.thawte.com/
http://www.valicert.com/

SurgeFTP uses OpenSSL encryption / decryption libraries for SSL.

When the CA sends you the signed certificate, save it as surge_cert.pem in the main SurgeFTP directory. Also, copy the privkey.pem file into the same directory and call it surge_priv.pem, e.g.

 copy privkey.pem       surge_priv.pem
 copy (signedkeyfromCA) surge_cert.pem

Then restart SurgeFTP.

Windows:
	net stop SurgeFTP
	net start SurgeFTP

Other:
	/usr/local/surgeftp/surgeftp_stop.sh
	/usr/local/surgeftp/surgeftp_start.sh
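
Before restarting, it is worth confirming that the certificate returned by the CA belongs to the private key you are about to install and names your server. The check below is an added example, not part of SurgeFTP or its scripts; it assumes the openssl command line tool is installed, and check_cert_pair, make_sample_pair, signed.pem and ftp.example.test are hypothetical names, with a throwaway self-signed pair constructed as sample input.

```shell
#!/bin/sh
# Added example: sanity check for a CA-issued certificate before installing it.
# check_cert_pair is a hypothetical helper, not part of SurgeFTP.

# Usage: check_cert_pair CERT.pem KEY.pem SERVER.NAME
# Returns 0 if all checks pass, 1 otherwise.
check_cert_pair() {
    cert=$1 key=$2 host=$3

    # 1. The certificate must carry the public half of this private key.
    #    (openssl prompts for the pass phrase if the key is encrypted.)
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: certificate does not match private key" >&2
        return 1
    fi

    # 2. The certificate must not already be expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "FAIL: certificate has expired" >&2
        return 1
    fi

    # 3. The name clients connect to must be in the certificate.
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" 2>&1 |
            grep -q "does match certificate"; then
        echo "FAIL: certificate is not valid for $host" >&2
        return 1
    fi
    echo "OK: $cert and $key are a valid pair for $host"
}

# Constructed sample input: a throwaway, unencrypted, self-signed pair
# for the made-up name ftp.example.test, written into directory $1.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=ftp.example.test" \
        -keyout "$1/privkey.pem" -out "$1/signed.pem" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_pair "$tmp"
check_cert_pair "$tmp/signed.pem" "$tmp/privkey.pem" ftp.example.test
rm -rf "$tmp"
```

On a real installation, run check_cert_pair surge_cert.pem surge_priv.pem YOUR.SERVER.NAME from the main SurgeFTP directory after copying the files into place.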

What FTP client can I use with SSL/TLS?

SurgeFTP is distributed with SSLFTP, a simple command line client very similar to the standard UNIX/DOS 'FTP' client. e.g.

	c:> sslftp my.server
	Username: xxx
	Password: yyy
	sslftp> dir
	sslftp> get important.dat
	sslftp> quit

This same client is available for multiple platforms.
There are also many SSL GUI clients now available; 'smartftp' is one good example, see http://www.smartftp.com/

After installing SurgeFTP, the SSLFTP install script, sslftp_install.exe, is left in the main SurgeFTP directory. You can distribute this to any systems that need the SSLFTP client; it is a self-extracting archive that installs the command line utility.

There is no fee charged for the use of SSLFTP; it is freely distributable.

Please note: SSLFTP is currently licensed only for use with SurgeFTP servers, but it will work with any server in a pinch. This means that we will fix any bug with SSLFTP if it cannot talk with SurgeFTP. We cannot guarantee that we can fix problems with it not talking to other FTP servers.

(Note 2: sslftp.exe was originally called sftp.exe. It was renamed to avoid conflicts.)