So we have an old FTP site running off our SBS 2008 server and as we are moving away from that box I need to set that up on another machine. So I added the IIS and FTP role to one of our Server 2012 boxes and setup the site. On the 2008 box we had the site set for anonymous login but we wanted to make it a little more secure going forward so we used Basic authentication on the new site so users have to log in to the site in order to access it. I am concerned a little bit though about their passwords going across in clear text. The new site is utilizing the SSL certificate that was already available which is a Self-Signed certificate I think, not one from a commercial SSL provider. Can anyone point me in the right direction here to make sure this site is secure and passwords are not going to just be out there in plain text for someone...
↧