Filezilla Server PS Script

Good news first, I cobbled together a working solution for filezilla server certs with letsencrypt using openssl. I just was hoping to get some help making it prettier as I am more of a batch-script guy.

$pfx = $result.ManagedItem.CertificatePath
d:\utils\OpenSSL-Win32\bin\openssl pkcs12 -in $pfx -out D:\docs\certs\letsencrypt.key -nocerts -nodes -passin pass:
d:\utils\OpenSSL-Win32\bin\openssl rsa -in D:\docs\certs\letsencrypt.key -out D:\docs\certs\letsencrypt_rsa.key
d:\utils\OpenSSL-Win32\bin\openssl pkcs12 -in $pfx -out D:\docs\certs\letsencrypt.pem -nokeys -clcerts -passin pass:

TLDR;
My question: Are there clean ways to hide those two paths in a powershell script?
d:\utils\OpenSSL-Win32\bin\ and
d:\docs\certs\


Awesome! Very good to see an example of certificate transformation with OpenSSL. One thing I’d like to do with scripting is provide UI to set parameter values so you can re-use the same script for different things (same as we do for DNS providers). That’s probably some time away though, I just need to make time and make it a priority.

The other option I’d like to implement is to optionally export to the various formats as part of deployment, so you don’t have to do the conversions yourself.

Well I am grateful that certifytheweb has the post scripts. One product takes care of my family website, rdp box AND now the TLS for my FTP server.

Thanks and hope that this helps some other users, I figured out the answers to some of my questions, here’s my working script with notes that can be configured below:

# Alias to your OpenSSL install
set-alias ossl "d:\utils\OpenSSL-Win32\bin\openssl" 

# Update keypath to where your keys will be saved and their names.
$keypath = "D:\docs\certs\"
$key = $keypath + "letsencrypt.key"
$rsakey = $keypath + "letsencrypt_rsa.key"
$pem = $keypath + "letsencrypt.pem"

# Get the latest PFX file path
$pfx = $result.ManagedItem.CertificatePath

# Create the Key, RSA Key, and PEM file. Use the RSA Key & PEM for FileZilla
ossl pkcs12 -in $pfx -out $key -nocerts -nodes -passin pass:
ossl rsa -in $key -out $rsakey
ossl pkcs12 -in $pfx -out $pem -nokeys -clcerts -passin pass:

Thanks, this worked well.

Others seeing this, don’t forget to add param($result) at the top, otherwise the script doesn’t know how to access the passed variables.


Yes, if you are doing custom scripting, please check out the introduction docs first: https://docs.certifytheweb.com/docs/script-hooks.html


Does anyone have a tutorial on how to get FileZilla FTP server working with Certify the Web? The script is a big help, but without a lot of trial and error I am unclear on all the steps necessary to get Certify the Web and FileZilla working together. Thanks.

Normally I think people will say that’s a filezilla problem and you should check their site, but after reviewing I could see requiring a little more help.
https://wiki.filezilla-project.org/FTP_over_TLS
https://wiki.filezilla-project.org/FTPS_using_Explicit_TLS_howto_(Server)

I figured I could at least share what my configuration screen looks like. I am getting ready to retire this server and set up on a new one so I may be running into this again soon ;]

Good luck!

This script is really helpful, but a key command is missing. You have to get the $result object in order to use it.

param($result)   # required to access the $result parameter

So the full script would be:

param($result)   # required to access the $result parameter

# Alias to your OpenSSL install
set-alias ossl "d:\utils\OpenSSL-Win32\bin\openssl" 

# Update keypath to where your keys will be saved and their names.
$keypath = "D:\docs\certs\"
$key = $keypath + "letsencrypt.key"
$rsakey = $keypath + "letsencrypt_rsa.key"
$pem = $keypath + "letsencrypt.pem"

# Get the latest PFX file path
$pfx = $result.ManagedItem.CertificatePath

# Create the Key, RSA Key, and PEM file. Use the RSA Key & PEM for FileZilla
ossl pkcs12 -in $pfx -out $key -nocerts -nodes -passin pass:
ossl rsa -in $key -out $rsakey
ossl pkcs12 -in $pfx -out $pem -nokeys -clcerts -passin pass:
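
A hardened variant of the full script above, as an added example that is not part of the original posts or Certify The Web's own code: it checks the openssl exit code, restricts NTFS permissions on the unencrypted key files before key material is written to them, and deletes the intermediate key. The helper names Invoke-OpenSsl and Protect-KeyFile are hypothetical, and it assumes both this script and FileZilla Server run as SYSTEM or as an administrator.

```powershell
param($result)   # required to access the $result parameter

# Paths from the posts above; adjust for your system.
$openssl = 'd:\utils\OpenSSL-Win32\bin\openssl.exe'
$keypath = 'D:\docs\certs'
$key     = Join-Path $keypath 'letsencrypt.key'
$rsakey  = Join-Path $keypath 'letsencrypt_rsa.key'
$pem     = Join-Path $keypath 'letsencrypt.pem'

function Invoke-OpenSsl {
    # Run openssl with the given arguments; abort on a non-zero exit code.
    & $openssl @args
    if ($LASTEXITCODE -ne 0) { throw "openssl $($args[0]) failed with exit code $LASTEXITCODE" }
}

function Protect-KeyFile([string]$Path) {
    # Create the file empty if needed, so it is locked down before the key is written.
    if (-not (Test-Path -LiteralPath $Path)) {
        New-Item -ItemType File -Path $Path -ErrorAction Stop | Out-Null
    }
    # Drop inherited permissions; allow only SYSTEM (S-1-5-18) and Administrators (S-1-5-32-544).
    # Assumption: add another grant if FileZilla Server runs under a different account.
    icacls $Path /inheritance:r /grant:r '*S-1-5-18:F' '*S-1-5-32-544:F' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed on $Path" }
}

# Stop early if the hook was called without a usable PFX.
$pfx = $result.ManagedItem.CertificatePath
if (-not $pfx -or -not (Test-Path -LiteralPath $pfx)) {
    throw "PFX not found: '$pfx'"
}

Protect-KeyFile $key
Protect-KeyFile $rsakey

try {
    # Same three conversions as the original script.
    Invoke-OpenSsl pkcs12 -in $pfx -out $key -nocerts -nodes -passin pass:
    Invoke-OpenSsl rsa -in $key -out $rsakey
    Invoke-OpenSsl pkcs12 -in $pfx -out $pem -nokeys -clcerts -passin pass:
}
finally {
    # The intermediate key is only an input to the rsa step; FileZilla uses the RSA key and PEM.
    Remove-Item -LiteralPath $key -ErrorAction SilentlyContinue
}
```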