Configuring FTP over SSL with Powershell

I have a network of 700 POS machines, running Windows 7 Embedded, with IIS installed. I use the IIS only for FTP functionality to send and receive files from my POS.

I am now looking to make this FTP over SSL, rather than plain text FTP. I successfully set this up in my lab, manually. Now that I am looking to deploy it to the rest of the fleet, I would love to automate it via powershell. I am pretty good with automating processes with powershell already, but I don’t have much experience with the IIS side of things.

Currently I have a script that looks like this:

path to certificate

$certPath = ‘C:\Upgrades\cert\retail.mydomain.local.pfx’

import the pfx certificate into the personal store

certutil.exe -importPFX $certPath

add the web administration module

Import-Module -Name webadministration

$defaultFTP = ‘IIS:\Sites\Default FTP Site’

set the properties to require FTP over SSL

Set-ItemProperty -Path $defaultFTP -Name ftpServer.security.ssl.controlChannelPolicy -Value 1
Set-ItemProperty -Path $defaultFTP -Name ftpServer.security.ssl.dataChannelPolicy -Value 1
This imports my cert into the personal store, and requires SSL over FTP (both data channel and control).

I am thinking that now I need to be able to tell the FTP site to use the certificate in my personal store, and set the port for the data channel (I picked 5001) in the FTP Firewall Support section.

I haven’t really been able to find what I am looking for via searching - I am hoping someone here can help point me in the right direction.

Thanks

sb

Hi Stephen,

Does below work for you?

https://gist.github.com/Dan1el42/2de2e7635e48fd00b2cc

Best,
Daniel

Thank you for this post, I will give it a try tomorrow and report back!!

This did the trick. Thank you so much for the info.

This works much better than the way that I was accomplishing this previously. I kept getting an error that the configuration was locked.

With the examples you gave, this issue seems to have been resolved.

Thanks again,
sb

You are very welcome.

Best,
Daniel