Rebex Buru SFTP Server documentation
How to enable HTTP over TLS (HTTPS) for Web Administration
This page describes how to use a certificate (provided by a Certificate Authority or self-signed) to enable HTTP over TLS (HTTPS) for Buru SFTP Server Web Administration.
1. Get a TLS certificate
We recommend getting a TLS certificate from a trusted Certificate Authority (CA). The request process is beyond the scope of this article but is usually described in detail on the Certificate Authority website.
For testing or internal purposes, you can create a self-signed certificate. Such a certificate will usually trigger a warning in the client's browser, so we strongly discourage using self-signed certificates on public servers.
There are several ways to create a self-signed certificate. The snippets below will create a password-protected, RSA 4096-bit SHA-256 pfx certificate named burusftp.pfx in the current directory.
Make sure to replace the password and common name (CN) with real values.
certgen tool (recommended)
Run the following command in the console:
burusftpwa certgen -s "CN=yourdomain.com" -p "password" burusftp
The certgen command has many options available; see the documentation.
Run the following commands in PowerShell as administrator:
$cert = New-SelfSignedCertificate -Subject 'CN=yourdomain.com' -KeyLength 4096
$password = "password" | ConvertTo-SecureString -AsPlainText -Force
Export-PfxCertificate -Cert $cert -FilePath burusftp.pfx -Password $password
Using OpenSSL (when available)
Run the following two commands:
openssl req -x509 -newkey rsa:4096 -sha256 -keyout burusftp.key -out burusftp.crt -subj "/CN=yourdomain.com" -days 400
openssl pkcs12 -export -name "burusftp" -out burusftp.pfx -inkey burusftp.key -in burusftp.crt
2. Update the configuration file
Enable HTTPS in the webconfig.yaml configuration file.
As in the previous step, replace the password with real values.
bindings:
  # listen for HTTPS requests on https://localhost:443
  - hostname: localhost
    port: 443
    certificateFromFile:
      filePath: C:\some\path\burusftp.pfx
      password: "password"
The Web Administration as configured in the example above will only be accessible from the same machine.
In order to open the administration to outside access from all network interfaces, set
Note: Loading a certificate from a .pfx file is the simplest way.
For better security, you should place the certificate (marked as non-exportable) in the certificate store provided by Windows.
To use the certificate from there, see the config file documentation.
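The note above, as an added example (not from the Buru documentation): import the .pfx into the Windows machine store with a non-exportable private key, then read the key properties back from the store. The file path is a placeholder and the LocalMachine\My store is an assumption; how to reference the stored certificate from webconfig.yaml is covered by the config file documentation.

```powershell
# Added example. Run in an elevated PowerShell session.
# $pfxPath is a placeholder; point it at the .pfx created in step 1.
$pfxPath  = 'C:\some\path\burusftp.pfx'
$password = Read-Host -Prompt 'PFX password' -AsSecureString

# Without -Exportable, Import-PfxCertificate marks the private key as non-exportable.
$cert = Import-PfxCertificate -FilePath $pfxPath -Password $password `
    -CertStoreLocation Cert:\LocalMachine\My

# Read the key properties back from the store copy rather than trusting the import blindly.
$ext  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]
$pub  = $ext::GetRSAPublicKey($cert)
$priv = $ext::GetRSAPrivateKey($cert)

# The export policy lives in a different place for CNG and legacy CSP keys.
$exportable = $null   # stays $null if the key type is not recognised
if ($priv -is [System.Security.Cryptography.RSACng]) {
    $flags = [System.Security.Cryptography.CngExportPolicies]'AllowExport, AllowPlaintextExport'
    $exportable = ($priv.Key.ExportPolicy -band $flags) -ne 0
}
elseif ($priv -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
    $exportable = $priv.CspKeyContainerInfo.Exportable
}

[pscustomobject]@{
    Subject            = $cert.Subject
    Thumbprint         = $cert.Thumbprint
    HasPrivateKey      = $cert.HasPrivateKey
    KeySizeBits        = if ($pub) { $pub.KeySize } else { $null }
    SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
    NotAfter           = $cert.NotAfter
    KeyExportable      = $exportable
} | Format-List

if (-not $cert.HasPrivateKey) { Write-Warning 'No private key was imported; HTTPS cannot use this certificate.' }
if ($exportable)              { Write-Warning 'Private key is exportable; re-import without -Exportable.' }
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) { Write-Warning 'Certificate expires within 30 days.' }
```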
3. Restart the Web Administration service
For the changes to take effect, restart the Web Administration service either in the Services section of Windows' Control panel or using the following command:
burusftpwa svc restart
You can also enable HTTPS using a standalone web server acting as a reverse proxy. These articles should get you started:
- Rebex TLS Proxy
- IIS - Setup IIS with URL Rewrite as a reverse proxy for real world apps
- Apache - Reverse Proxy Guide
- NGINX - NGINX Reverse Proxy
Web Administration displays a warning when an unencrypted HTTP endpoint is used, which might be the case when using a reverse proxy.
To suppress this warning, use the suppressHttpEndpointWarning: true option in the web admin configuration file.