
key rollover: proftpd



Proftpd
=======

The Debian packaging doesn't include key generation, so the following
steps should only be necessary if SSL keys have been created externally.

An upcoming proftpd upload to unstable will include a tls.conf template
with the comment below.

Note that the self-signed certificate generation is a bit
different from that suggested in the general openssl section, in order
to avoid the use of an explicit password at daemon startup.

You can (re-)generate a self-signed certificate using a command like:

 openssl req -x509 -newkey rsa:1024 \
         -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \
         -nodes -days 365

Both files must be readable by root only. The file paths can be checked/configured
through the following configuration directives:

TLSRSACertificateFile                   /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile                /etc/ssl/private/proftpd.key
TLSCACertificateFile                    /etc/ssl/certs/CA.pem
TLSOptions                              NoCertRequest
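
One way to verify the result after a rollover, as an added example that is not part of the original message or of the Debian package: it reads the two file directives from a TLS config, checks that each file is owned by root with no group/other access, and can confirm that the RSA key belongs to the certificate. The function names are hypothetical, the config path is passed as an argument, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original message): audit the files named by
# TLSRSACertificateFile / TLSRSACertificateKeyFile in a proftpd TLS config.
# Function names are hypothetical; GNU stat (as on Debian) is assumed.

# Print the value of the first uncommented occurrence of a directive.
tls_directive() {  # usage: tls_directive <conf> <Directive>
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Succeed only if the file is owned by <owner> (default root) and carries
# no group or other permission bits.
owner_only() {  # usage: owner_only <file> [owner]
    f=$1; want=${2:-root}
    [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
    owner=$(stat -c %U "$f"); mode=$(stat -c %a "$f")
    [ "$owner" = "$want" ] || { echo "$f: owner $owner, expected $want" >&2; return 1; }
    case $mode in
        *00|0) return 0 ;;
        *) echo "$f: mode $mode grants group/other access" >&2; return 1 ;;
    esac
}

# Succeed only if the RSA private key and the certificate share a modulus,
# i.e. the daemon is pointed at a matching pair after regeneration.
key_matches_cert() {  # usage: key_matches_cert <cert> <key>
    c=$(openssl x509 -noout -modulus -in "$1") || return 2
    k=$(openssl rsa -noout -modulus -in "$2") || return 2
    [ "$c" = "$k" ]
}

# Check both files referenced by the config; non-zero if any check fails.
audit_proftpd_tls() {  # usage: audit_proftpd_tls <conf> [owner]
    rc=0
    for d in TLSRSACertificateFile TLSRSACertificateKeyFile; do
        path=$(tls_directive "$1" "$d")
        if [ -z "$path" ]; then echo "$d: not set in $1" >&2; rc=1; continue; fi
        owner_only "$path" "${2:-root}" || rc=1
    done
    return $rc
}

# Run the audit when a config path is given on the command line.
if [ $# -gt 0 ]; then
    audit_proftpd_tls "$@"
fi
```
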

