requesting the certificate:

Creating the CSR (Certificate Signing Request):

# openssl req -new -days 365 -keyout vsftp.key -out vsftp.crt<<BR>>

now we export the private key from the key-file to let vsftpd start without prompt for a password.

# openssl rsa -in vsftp.key -out vsftp_out.key<<BR>>

on this point, visit the CAcert.org page and start adding a server certificat

paste the content of vsftp.crt in the field below
"F├╝gen Sie Ihre Zertifikat-Anfrage (CSR) in folgendes Formularfeld ein:"

You should receive within a few minutes your signed certificate via email.

overwrite the content of vsftp.crt file with the certificate you should reveived from CACert.

at last, we have to connect our key with the certificate.

# cat vsftp.crt vsftp_out.key > /etc/ssl/certs/vsftp.pem<<BR>>

setup vsftpd for ssl usage

these are the required lines for your vsftpd.conf

ssl_enable=YES

allow_anon_ssl=NO

force_local_data_ssl=NO

force_local_logins_ssl=NO

ssl_tlsv1=YES

ssl_sslv2=YES

ssl_sslv3=YES

rsa_cert_file=/etc/ssl/certs/vsftp.pem

FTP-Server (last edited 2009-08-31 10:03:09 by FabianAffolter)