How to use the new “FTPS adapter” with BizTalk 2010
First of all – there is no new FTPS adapter. The existing FTP adapter has been extended to support FTPS, which is really all you need anyway. However, several publications from Microsoft state that there is a new FTPS adapter, which might be somewhat confusing.
So what is FTPS?
Support for FTPS was added with IIS 7.5. FTPS is FTP over SSL, similar to HTTPS, although it lacks some of the underlying infrastructure. When you visit an HTTPS site, you might be given various warnings if the certificate is not among your trusted ones. If you choose to ignore these warnings (and recommendations), you’re provided with the option of installing the public key in your certificate store. This logic is provided by your browser, and is a helpful way to manage your trusted sites.
The FTPS client (BizTalk in this case), however, requires the public key to be installed manually before it can use it. Once you’ve installed it, it works like a charm.
Create a Certificate
First you’ll need a certificate, a private key. There are several ways to create a certificate, but for the purpose of this sample, I’ll create one using IIS 7.5 manager.
Select the site root in the Connections pane on your left side. In the Action pane on your right, click “Create Self-Signed Certificate”.
This will open a new dialog, where you can set a friendly name of your certificate:
When you’ve clicked OK, you should be able to see the certificate in the list of Server Certificates. Select your newly created certificate and click “Export” in the Action pane. Set the path and password, and click OK. This step will export the public key, which we’ll use later on.
Enable FTPS on your FTP site
As we now have a certificate created and registered on our server, we can proceed to enable our FTP site to use it. Select your FTP site, and double-click the “FTP SSL Settings” icon on your FTP Home page.
In the SSL Certificate dropdown list, select your certificate. You can choose either to Allow or to Require SSL connections. In this case I’ve chosen to “Require SSL Connections”. Click “Apply” in the Action pane, before you continue.
While on the FTP Home page, you might want to look over the “FTP Authentication” and “FTP Authorization Rules” settings.
Install the Public Key
Your FTP server is now ready to accept incoming SSL connections, and we can proceed with setting up the client (BizTalk). But first we need to install the public key, which you exported earlier. In my case, I’m logged in as Administrator, which happens to be the same account I use for my host instance. Hopefully, this is not the case for you, which is why you’ll need to import the public key as the same account that runs the host instance. However, if you are logged in with the service account, double-click the certificate, and proceed with the default values.
If you’re not logged on as the service account, open a command prompt and write the following:
runas /user:[Domain]\[User] "cmd.exe"
This will open a new command prompt, in which you type the path to where you saved the public key. Hit Enter and proceed through the wizard.
Extract the Thumbprint
Open the Certificate Manager (Start->Run->certmgr.exe), browse to the Trusted Root Certification Authorities\Certificates folder, and double-click the certificate. Select the “Details” tab at the top. Scroll down to the Thumbprint field, select it, and copy the value.
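A scripted check of this step, as an added example that is not part of the original post: it cleans a thumbprint copied from the Details tab and confirms that the certificate sits in the Trusted Root store of the account running the script. The default thumbprint is a constructed placeholder and the function name is hypothetical.

```powershell
# Added example, not from the original post. Run it as the host instance account
# (for example from the runas command prompt) so that Cert:\CurrentUser is that
# account's certificate store.
param(
    # Value copied from the Thumbprint field; the default is a constructed placeholder.
    [string]$PastedThumbprint = '00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33'
)

function ConvertTo-CleanThumbprint {
    param([string]$Value)
    # Keep hex digits only: drops spaces and any invisible characters picked up
    # when copying from the certificate dialog.
    ($Value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

$thumbprint = ConvertTo-CleanThumbprint $PastedThumbprint
if ($thumbprint.Length -ne 40) {
    throw "Expected 40 hex digits (SHA-1 thumbprint), got $($thumbprint.Length)."
}

# The store the post browses to in Certificate Manager.
$cert = Get-ChildItem -Path Cert:\CurrentUser\Root |
    Where-Object { $_.Thumbprint -eq $thumbprint } |
    Select-Object -First 1

if (-not $cert) {
    throw "No certificate $thumbprint in Cert:\CurrentUser\Root for $env:USERNAME."
}

[pscustomobject]@{
    Account       = "$env:USERDOMAIN\$env:USERNAME"
    Subject       = $cert.Subject
    SelfSigned    = ($cert.Subject -eq $cert.Issuer)
    Expires       = $cert.NotAfter
    Expired       = ($cert.NotAfter -lt (Get-Date))
    # The client only needs the public key; True means the private key was imported too.
    HasPrivateKey = $cert.HasPrivateKey
    # Cleaned value to paste into the "Client Certificate Hash" property.
    Thumbprint    = $thumbprint
}
```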
Configure Your BizTalk Port
I assume you are familiar with the normal FTP transport settings, so when you’re done configuring the server, port, username and password, paste the thumbprint into the “Client Certificate Hash” property. Set the “Use SSL” property to “true”. Start the port… You are done!
I’m a superstar and that’s how I do it!