September 3, 2015 at 5:05 pm #29358
I have a network of 700 POS machines, running Windows 7 Embedded, with IIS installed. I use the IIS only for FTP functionality to send and receive files from my POS.
I am now looking to make this FTP over SSL, rather than plain text FTP. I successfully set this up in my lab, manually. Now that I am looking to deploy it to the rest of the fleet, I would love to automate it via powershell. I am pretty good with automating processes with powershell already, but I don't have much experience with the IIS side of things.
Currently I have a script that looks like this:
# path to certificate
$certPath = 'C:\Upgrades\cert\retail.mydomain.local.pfx'
# import the pfx certificate into the personal store
certutil.exe -importPFX $certPath
# add the web administration module
Import-Module -Name webadministration
$defaultFTP = 'IIS:\Sites\Default FTP Site'
# set the properties to require FTP over SSL
Set-ItemProperty -Path $defaultFTP -Name ftpServer.security.ssl.controlChannelPolicy -Value 1
Set-ItemProperty -Path $defaultFTP -Name ftpServer.security.ssl.dataChannelPolicy -Value 1
This imports my cert into the personal store, and requires SSL over FTP (both data channel and control).
I am thinking that now I need to be able to tell the FTP site to use the certificate in my personal store, and set the port for the data channel (I picked 5001) in the FTP Firewall Support section.
I haven't really been able to find what I am looking for via searching – I am hoping someone here can help point me in the right direction.
September 5, 2015 at 7:25 am #29396
Does below work for you?
September 8, 2015 at 10:49 am #29478
Thank you for this post, I will give it a try tomorrow and report back!!
September 16, 2015 at 7:35 am #29826
This did the trick. Thank you so much for the info.
This works much better than the way that I was accomplishing this previously. I kept getting an error that the configuration was locked.
With the examples you gave, this issue seems to have been resolved.
September 16, 2015 at 7:39 am #29827
You are very welcome.
You must be logged in to reply to this topic.