Rebex Buru SFTP Server documentation

How to enable HTTP over TLS (HTTPS) for Web Administration

This page describes how to use a certificate (provided by a Certificate Authority or self-signed) to enable HTTP over TLS (HTTPS) for Buru SFTP Server Web Administration.

1. Get a TLS certificate

We recommend getting a TLS certificate from a trusted Certificate Authority (CA). The request process is beyond the scope of this article but is usually described in detail on the Certificate Authority website.

For testing / internal purposes you can create a self-signed certificate. Such certificate will usually trigger a warning in client's browser and therefore we strongly discourage against using self-signed certificates on public servers.

There are several ways to create a self-signed certificate. The snippets below will create a password-protected, RSA 4096-bit SHA-256 pfx certificate named burusftp.pfx in the current directory. Make sure to replace the password and common name (CN) with real values.

Run the following command in console

burusftpwa certgen -s "CN=yourdomain.com" -p "password" burusftp

The certgen command has many options available - see the documentation.

Using PowerShell

Run the following commands in PowerShell as administrator

$cert = New-SelfSignedCertificate -Subject 'CN=yourdomain.com' -KeyLength 4096
$password = "password" | ConvertTo-SecureString -AsPlainText -Force
Export-PfxCertificate -Cert $cert -FilePath burusftp.pfx -Password $password

Using OpenSSL (when available)

Run the following two commands

openssl req -x509 -newkey rsa:4096 -sha256 -keyout burusftp.key -out burusftp.crt -subj "/CN=yourdomain.com" -days 400
openssl pkcs12 -export -name “burusftp” -out burusftp.pfx -inkey burusftp.key -in burusftp.crt

2. Update the configuration file

Enable HTTPS in the webconfig.yaml configuration file. As in the previous step, replace the filePath and password with real values.

bindings:
  # listen for HTTPS requests on https://localhost:443
  - hostname: localhost
    port: 443
	certificateFromFile:
	  filePath: C:\some\path\burusftp.pfx
	  password: "password"

The Web Administration as configured in the example above will only be accessible from the same machine. In order to open the administration to outside access from all network interfaces, set hostname from localhost to 0.0.0.0.

3. Restart the Web Administration service

For the changes to take effect, restart the Web Administration service either in the Services section of Windows' Control panel or using the following command:

burusftpwa svc restart

Notes

You can also enable HTTPS using a standalone web server using a reverse proxy. These articles should get you started:

Web administration displays a warning when unencrypted HTTP endpoint is used, which might be the case when using a reverse proxy. To suppress this warning, use suppressHttpEndpointWarning: true option in web admin configuration file.

What next?

Download

Download fully functional free 30-day trial.

Free download

Non-commercial use

Get a free non-commercial license. It includes most of the features of Professional edition.

Get free license

Commercial use

If you use the server for anything related to business or commercial use you have to purchase a license.

Sales contact
sales@rebex.net

Buy a license

Get help

The server is completely free for personal, academy and other non-commercial use.

Technical support

support@rebex.net