Re: vsftpd with ssl
On Tue, 30 Sep 2014 00:12:47 -0400 (EDT), Marko Randjelovic wrote:
>
> Thanks for your informative answer, it did solve my problem, after
> enabling implicit_ssl option in vsftpd (and btw after disabling
> ssl:verify-certificate in lftp), I could transfer a test file.
How did you get the certificate signed that the server uses?
Did you send out the certificate request to a "well known public CA",
such as Verisign, Entrust, etc., to have it signed? Or is it signed
by a private, in-house CA? Either way, you need to have the signer's
certificate in the list of trusted CAs that the client (lftp) uses.
Then you can enable ssl:verify-certificate. Note that I said that the
*signer's* certificate needs to be in the list, not the *server's*
certificate. The only time that you would put the *server's*
certificate in the list is if the server is using a self-signed
certificate, which is highly *not* recommended.

Make sure that

    set ssl:ca-file "/etc/ssl/certs/ca-certificates.crt"

is in effect on your lftp client.

If the signer's certificate is not in the list, become root,
then add it locally by copying the file to the directory
/usr/local/share/ca-certificates. Make sure the
certificate has an extension of ".crt". Then run the command

    update-ca-certificates

This will update /etc/ssl/certs/ca-certificates.crt to include
the local files in /usr/local/share/ca-certificates. Then
switch back to your non-superuser self.
--
.''`. Stephen Powell <zlinuxman@wowway.com>
: :' :
`. `'`
`-
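
Added example, not part of the original message: a throwaway private CA and server certificate, verified with openssl against a CA bundle before and after the signer's certificate is added. All names, keys and paths are constructed for the demo; it assumes the openssl command is installed, models update-ca-certificates as appending the signer's certificate to the bundle, and does not touch the real trust store.

```shell
#!/bin/sh
# Constructed demo: every key, subject name and path here is a throwaway value.
demo_dir=$(mktemp -d)

# Build a private CA, a server certificate signed by it, and an unrelated CA.
make_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example In-House CA" \
        -keyout "$demo_dir/ca.key" -out "$demo_dir/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=ftp.example.test" \
        -keyout "$demo_dir/server.key" -out "$demo_dir/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$demo_dir/server.csr" -days 1 \
        -CA "$demo_dir/ca.crt" -CAkey "$demo_dir/ca.key" -CAcreateserial \
        -out "$demo_dir/server.crt" 2>/dev/null &&
    # The unrelated CA stands in for a bundle that lacks the signer.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Unrelated CA" \
        -keyout "$demo_dir/other.key" -out "$demo_dir/other.crt" 2>/dev/null
}

# Succeeds only if the server certificate chains to a CA in the bundle "$1".
server_trusted_by() {
    openssl verify -CAfile "$1" "$demo_dir/server.crt" >/dev/null 2>&1
}

make_pki || { echo "openssl failed to build the demo PKI" >&2; exit 1; }

# Bundle as the client sees it before the signer's certificate is added.
cp "$demo_dir/other.crt" "$demo_dir/bundle-before.crt"
# Bundle afterwards: the signer's (CA) certificate is appended, not the server's.
cat "$demo_dir/other.crt" "$demo_dir/ca.crt" > "$demo_dir/bundle-after.crt"

for stage in before after; do
    if server_trusted_by "$demo_dir/bundle-$stage.crt"; then
        echo "$stage: server certificate verifies"
    else
        echo "$stage: verification fails (signer not in bundle)"
    fi
done
```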