Re: Secure ftp
> Works nice, thanks. I do have a
> question. When using
> ssl:verify-certificate what is required
> for the certificate to be signed by a
> known Certificate Authority? I'm
> getting "Fatal: self-signed
> certificate". This may be a vsftpd
> problem because the only certificate I
> found which works is created by 'openssl
> req -new -x509 -nodes \
> -out vsftpd.pem -keyout vsftpd.pem'.
> However, I'm hoping to find a way around
> this. Thanks for any help.
Found a way around this, visit the vsftpd project to see my comments.
Also made some other discoveries which I hope help someone else.
lftp requires both ssl:cert-file and ssl:key-file in order to deliver its certificate upon request.
Also, when using ssl:verify-certificate, it requires nsCertType = server as a part of the server's certificate.
Re: Certificate requirements
> The only thing I found which works is
> 'openssl req -new -x509 -nodes -out
> vsftpd.pem -keyout vsftpd.pem' but I'm
> getting a "Fatal: self-signed
> certificate" when trying to use it
> with lftp. Are there other options?
> Thanks for any help.
Found the answer (thanks cacert.org - Google
for 'vsftpd certificate' without the quotes),
hopefully it will help someone else.
For a signed, unencrypted key certificate:
#Create certificate request
openssl req -new -days 365 -config vsftpd.cnf \
-keyout vsftpd.key -out vsftpd.req
#Sign the request (writes the signed certificate to vsftpd.crt)
openssl ca -config vsftpd.cnf -in vsftpd.req \
-out vsftpd.crt
#Extract unencrypted key out of encrypted one
openssl rsa -in vsftpd.key -out vsftpd_out.key
#Combine certificate and unencrypted key
cat vsftpd.crt vsftpd_out.key > vsftpd.pem
For a signed, encrypted key certificate simply copy
vsftpd.key instead of vsftpd_out.key to vsftpd.pem.
You will be prompted for the pass phrase at startup.
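A check for the combined vsftpd.pem described above, as an added example that is not part of the original posts: it counts the certificate and key blocks, detects whether the key is encrypted, and flags an unencrypted key whose file is accessible beyond its owner. The function names and the sample bundles are constructed for illustration; the PEM labels are the standard ones OpenSSL writes.

```python
import os
import re
import stat

# Matches one PEM block and captures its label and body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

# Constructed samples: the base64 bodies are placeholders, not real key material.
BODY = "Q09OU1RSVUNURUQ=\n"
CERT = "-----BEGIN CERTIFICATE-----\n" + BODY + "-----END CERTIFICATE-----\n"
PLAIN_KEY = "-----BEGIN RSA PRIVATE KEY-----\n" + BODY + "-----END RSA PRIVATE KEY-----\n"
ENC_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
           "DEK-Info: AES-256-CBC,00000000000000000000000000000000\n\n"
           + BODY + "-----END RSA PRIVATE KEY-----\n")


def inspect_bundle(text):
    """Count certificate, private-key and encrypted-key blocks in a PEM bundle."""
    report = {"certificates": 0, "keys": 0, "encrypted_keys": 0}
    for label, body in PEM_BLOCK.findall(text):
        if label == "CERTIFICATE":
            report["certificates"] += 1
        elif label.endswith("PRIVATE KEY"):
            report["keys"] += 1
            # PKCS#8 has its own label; traditional PEM flags encryption in a header.
            if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
                report["encrypted_keys"] += 1
    return report


def findings(text, mode):
    """Return problems for a bundle whose file has the given st_mode."""
    r = inspect_bundle(text)
    out = []
    if r["certificates"] == 0:
        out.append("no certificate block")
    if r["keys"] != 1:
        out.append("expected exactly one private key, found %d" % r["keys"])
    if r["keys"] > r["encrypted_keys"] and mode & (stat.S_IRWXG | stat.S_IRWXO):
        out.append("unencrypted key accessible beyond owner (mode %o)" % stat.S_IMODE(mode))
    return out


def check_file(path):
    """Run the checks on a file on disk, e.g. vsftpd.pem."""
    with open(path) as fh:
        return findings(fh.read(), os.stat(path).st_mode)


if __name__ == "__main__":
    print(findings(CERT + PLAIN_KEY, 0o100644))  # constructed: plain key, mode 644
    print(findings(CERT + ENC_KEY, 0o100644))    # constructed: encrypted key, mode 644
```

Run `check_file("vsftpd.pem")` after the `cat` step; an empty list means no problem was found by these checks.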