George Ou notes in his blog that Microsoft has recently released a free Secure FTP server for the IIS 7 platform. You can find his post at http://www.formortals.com/Default.aspx?tabid=36&EntryID=39
One thing that I’d like to clarify is a point that George made regarding server certificates. When deploying secure SSL (TLS) servers, you need to install a server certificate. You can use commercial certificates (that you purchase from commercial certificate providers) or you can create your own certificates.
The advantage of using commercial certificates is that the commercial certificate providers have their root CA certificates included with Windows operating systems, which is included in the Trusted Root Certification Authorities user and computer certificate stores. This allows your user account and the machine account to trust the certificates presented to you by the secure server that you’re connecting to.
This solves the problem of the dialog box popping up in the browser indicating that you don’t trust the machine and would you like to continue. In addition, many applications will not present you with a dialog box asking if you would like to connect in spite of not trusting the certificate presented to you by the server; instead, the connection just fails.
It doesn’t matter if the commercial certificate is a “brand name” or something like GoDaddy. What does matter is that the commercial CA’s root certificate is in your clients’ Trusted Root Certification Authorities certificate store.
I checked my Windows XP computer’s Trusted Root Certification Authorities store and found GoDaddy’s CA certificate there, as seen in the figure below. So, your GoDaddy certs are as good as any certificate from VeriSign, since GoDaddy is trusted by your client machines.
In contrast, when you create private certificates, you do so because you do NOT want unmanaged machines to connect to your secure resources. In order to trust your private CAs, you have to use other mechanisms, such as Active Directory and Enterprise CAs and autoenrollment.
Thomas W Shinder, M.D.
GET THE NEW BOOK! Go to http://tinyurl.com/2gpoo8
Email: [email protected]
MVP – Microsoft Firewalls (ISA)