Setting up a secure personal FTP server

I'm fiddling about trying to set up my home DSL connection as an FTP server using Serv-U. I've got it running all o.k. nicely - but got severe paranoia reading a thread on here about ISPs monitoring transmissions. Considering the number of customers my ISP has, I would think it unlikely that they would bother snooping in on little old me and what I'm sharing.
Anyway, I like to try things, so I was going to try and set it to be secure using SSL.
Now I'm a bit thick - but looking at the help it seemed I could just type some details into the Serv-U SSL certificate settings and it would generate a server certificate based on this.
I did this and set the server to only accept secure connections.
I tried to connect to it using WS_FTP Pro, just ticking the SSL box and changing the port no. to 990 (which Serv-U does when doing only SSL connections).
But I couldn't get in anymore. Am I missing something? Do I need to tell my FTP client anything extra to gain access?
Any help appreciated.
 
Hi. You have to use an FTP client with SSL support, like WS_FTP V.7x. And you have to create a certificate for the client as well.
The certificate is used for secure-FTP connections and data transfers that use SSL/TLS. When a secure-FTP client connects, an "SSL handshake" ensues. Its purpose is to establish the server’s identity, an encryption key for use during that session, and a specific cipher to encrypt the session data with. The SSL handshake works as follows: First, the client sends a list of ciphers it’s willing to support to the server. Next, the server chooses a cipher for use during the subsequent session and sends over its certificate together with a big random number. The certificate tells the client who the server is and it contains an encryption key, called the server’s "public key". The client also creates a large random number and encrypts this using the server’s public key from the certificate. Next the server decrypts the client’s message using its "private key" (that corresponds to the server’s public key). Both client and server now use the random values to create a unique "session key" for encryption of the subsequent session and from there on both sides use that key and the selected cipher to encrypt the rest of their session. That is the SSL handshake in a nutshell, somewhat simplified, but it gets the idea across.

As you see, if the client doesn't have a certificate, no handshake can be performed and no connection will be allowed.

LaZorMan
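
The handshake steps described in the reply above, as an added Python example that is not part of the original posts. It assumes textbook RSA with a constructed demo key, the TLS 1.2 key-derivation function for the "session key" step, and hypothetical cipher lists and function names; in this flow only the server side holds a key pair.

```python
import hashlib
import hmac
import secrets

# Constructed demo key built from two Mersenne primes. It shows the flow only:
# it is NOT a secure RSA key (real keys use random primes and padding).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # server "public key" (sent in the certificate)
D = pow(E, -1, (P - 1) * (Q - 1))      # server "private key" (never leaves the server)

# Sample cipher lists (assumed for illustration), in each side's preference order.
CLIENT_CIPHERS = ["AES256-SHA256", "AES128-SHA256", "DES-CBC3-SHA"]
SERVER_CIPHERS = ["AES128-SHA256", "AES256-SHA256"]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (P_SHA256, RFC 5246 section 5)."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def handshake():
    """Run both sides in one process; return (cipher, client_key, server_key)."""
    # 1. Client sends its cipher list plus a random value.
    client_random = secrets.token_bytes(32)
    # 2. Server picks a cipher both sides support, replies with its random
    #    value and its certificate (here reduced to the public key N, E).
    cipher = next(c for c in SERVER_CIPHERS if c in CLIENT_CIPHERS)
    server_random = secrets.token_bytes(32)
    # 3. Client creates a 48-byte pre-master secret (version bytes + 46 random
    #    bytes) and encrypts it with the server's public key.
    pre_master = b"\x03\x03" + secrets.token_bytes(46)
    encrypted = pow(int.from_bytes(pre_master, "big"), E, N)
    # 4. Server decrypts the client's message with its private key.
    recovered = pow(encrypted, D, N).to_bytes(48, "big")
    # 5. Each side derives the key material from the shared values.
    seed = client_random + server_random
    client_key = prf(pre_master, b"master secret", seed, 48)
    server_key = prf(recovered, b"master secret", seed, 48)
    return cipher, client_key, server_key
```

An observer of the exchange sees both random values and the encrypted pre-master secret, but cannot compute the derived key without the server's private key.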
 