{"id":532,"date":"2011-06-04T07:44:20","date_gmt":"2011-06-04T14:44:20","guid":{"rendered":"http:\/\/jim-zimmerman.com\/?p=532"},"modified":"2014-01-10T12:12:58","modified_gmt":"2014-01-10T19:12:58","slug":"enable-ftps-in-vsftpd","status":"publish","type":"post","link":"https:\/\/jim-zimmerman.com\/?p=532","title":{"rendered":"Enable ftps in vsftpd."},"content":{"rendered":"<p>To enable ftps on my CentOS 5 server I first needed to create a self-signed certificate:<\/p>\n<blockquote><p># cd \/etc\/pki\/tls\/certs<br \/>\n# make vsftpd.pem<br \/>\numask 77 ; \\<br \/>\n\tPEM1=`\/bin\/mktemp \/tmp\/openssl.XXXXXX` ; \\<br \/>\n\tPEM2=`\/bin\/mktemp \/tmp\/openssl.XXXXXX` ; \\<br \/>\n\t\/usr\/bin\/openssl req -utf8 -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \\<br \/>\n\tcat $PEM1 >  vsftpd.pem ; \\<br \/>\n\techo &quot;&quot;    >> vsftpd.pem ; \\<br \/>\n\tcat $PEM2 >> vsftpd.pem ; \\<br \/>\n\trm -f $PEM1 $PEM2<br \/>\nGenerating a 1024 bit RSA private key<br \/>\n..........++++++<br \/>\n....................++++++<br \/>\nwriting new private key to '\/tmp\/openssl.R27560'<br \/>\n-----<br \/>\nYou are about to be asked to enter information that will be incorporated<br \/>\ninto your certificate request.<br \/>\nWhat you are about to enter is what is called a Distinguished Name or a DN.<br \/>\nThere are quite a few fields but you can leave some blank<br \/>\nFor some fields there will be a default value,<br \/>\nIf you enter '.', the field will be left blank.<br \/>\n-----<br \/>\nCountry Name (2 letter code) [GB]:<em>Country<\/em><br \/>\nState or Province Name (full name) [Berkshire]:<em>State<\/em><br \/>\nLocality Name (eg, city) [Newbury]:<em>City<\/em><br \/>\nOrganization Name (eg, company) [My Company Ltd]:<em>Company<\/em><br \/>\nOrganizational Unit Name (eg, section) []:<em>Department<\/em><br \/>\nCommon Name (eg, your name or your 
server's hostname) []:<em>Servername<\/em><br \/>\nEmail Address []:<em>Emailaddress<\/em>\n<\/p><\/blockquote>\n<p>Copy the newly created certificate to \/etc\/vsftpd:<\/p>\n<blockquote><p># cp -p vsftpd.pem \/etc\/vsftpd\/<\/p><\/blockquote>\n<p>Add the following to the vsftpd.conf file:<\/p>\n<blockquote><p># vi \/etc\/vsftpd\/vsftpd.conf<br \/>\n...<br \/>\nssl_enable=YES<br \/>\nrsa_cert_file=\/etc\/vsftpd\/vsftpd.pem<br \/>\n...<\/p><\/blockquote>\n<p>Note: As configured above, this will not allow non-anonymous users to use plain ftp. They will have to use ftps. To change this behavior, add the following to your vsftpd.conf:<\/p>\n<blockquote><p>force_local_data_ssl=NO<\/p><\/blockquote>\n<p>Then, restart\/start vsftpd:<\/p>\n<blockquote><p>service vsftpd restart\n<\/p><\/blockquote>\n<p>Note: This worked fine from WinSCP and SmartFTP, but Filezilla gives me the following:<br \/>\nError:\tGnuTLS error -12: A TLS fatal alert has been received.<br \/>\nError:\tCould not connect to server<\/p>\n","protected":false},"excerpt":{"rendered":"<p>To enable ftps on my CentOS 5 server I first needed to create a self-signed certificate: # cd \/etc\/pki\/tls\/certs # make vsftpd.pem umask 77 ; \\ PEM1=`\/bin\/mktemp \/tmp\/openssl.XXXXXX` ; \\ PEM2=`\/bin\/mktemp \/tmp\/openssl.XXXXXX` ; \\ \/usr\/bin\/openssl req -utf8 -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \\ cat $PEM1 > vsftpd.pem 
[&#038;hellip<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[186,185],"class_list":["post-532","post","type-post","status-publish","format-standard","hentry","category-documentation","tag-ftps","tag-vsftpd"],"share_on_mastodon":{"url":"","error":""},"_links":{"self":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts\/532","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=532"}],"version-history":[{"count":4,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts\/532\/revisions"}],"predecessor-version":[{"id":1042,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts\/532\/revisions\/1042"}],"wp:attachment":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=532"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=532"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=532"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}