This howto describes how to configure vsftpd to enable SSL using so called intermediate\/ chaining certificates.<\/p>\n
Edit vsftpd.conf so that SSL is enabled:<\/p>\n
<\/p>\n
ssl_enable=YES<\/p>\n
rsa_cert_file=\/usr\/share\/ssl\/certs\/vsftpd.pem<\/p>\n
force_local_data_ssl=No<\/p>\n
force_local_logins_ssl=NO<\/p>\n
It is very important to construct the certificate file \/usr\/share\/ssl\/certs\/vsftpd.pem with the correct certificate order. The fist Your certificate file has to be a .pem file. If you also received an Intermediate Certificate then you have to concatenate this with the Domain Certificate and your Private Key file into one single .pem file. Make sure all the information is included, without any spaces or blanks, see below.<\/p>\n
—–BEGIN CERTIFICATE—–<\/p>\n
(your_domain_name.crt)<\/p>\n
—–END CERTIFICATE KEY—–<\/p>\n
—–BEGIN CERTIFICATE—–<\/p>\n
(chaining certificate 3)<\/p>\n
—–END CERTIFICATE KEY—–<\/p>\n
—–BEGIN CERTIFICATE—–<\/p>\n
(chaining certificate 2)<\/p>\n
—–END CERTIFICATE KEY—–<\/p>\n
—–BEGIN CERTIFICATE—–<\/p>\n
(chaining certificate 1)<\/p>\n
—–END CERTIFICATE KEY—–<\/p>\n
—–BEGIN RSA PRIVATE KEY—–<\/p>\n
(your_domain_name.key)<\/p>\n
—–END RSA PRIVATE KEY—–<\/p>\n
This is how to check a SSL enabled FTP service (FTP Secure). See the result below:<\/p>\n
$ lftp -u username localhost -e “debug;set ftp:ssl-protect-data true;ls;exit”<\/p>\n
Password:<\/p>\n
<\/p>\n
$<\/p>\n
xferlog_file=\/var\/log\/vsftpd.log
\nxferlog_enable=YES
\ndirmessage_enable=YES
\ndata_connection_timeout=600
\ndual_log_enable=YES
\npam_service_name=vsftpd
\nuserlist_enable=YES
\ntcp_wrappers=YES
\nssl_enable=YES
\nallow_anon_ssl=NO
\nforce_local_data_ssl=YES
\nforce_local_logins_ssl=YES
\nssl_tlsv1=NO
\nssl_sslv2=NO
\nssl_sslv3=NO
\nssl_tlsv1_2=YES
\nssl_ciphers=HIGH:-3DES:-aNULL
\nrsa_cert_file=\/etc\/vsftpd\/rmohan.pem
\npasv_min_port=28000
\npasv_max_port=30000equire_ssl_reuse=NO<\/p>\n","protected":false},"excerpt":{"rendered":"
This howto describes how to configure vsftpd to enable SSL using so called intermediate\/ chaining certificates.<\/p>\n
Edit vsftpd.conf so that SSL is enabled:<\/p>\n
<\/p>\n
ssl_enable=YES<\/p>\n
rsa_cert_file=\/usr\/share\/ssl\/certs\/vsftpd.pem<\/p>\n
force_local_data_ssl=No<\/p>\n
force_local_logins_ssl=NO<\/p>\n
It is very important to construct the certificate file \/usr\/share\/ssl\/certs\/vsftpd.pem with the correct certificate order. The fist Your certificate file has to be a .pem file. If […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7543"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7543"}],"version-history":[{"count":2,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7543\/revisions"}],"predecessor-version":[{"id":7545,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7543\/revisions\/7545"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7543"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7543"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7543"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}