CentOS Stream 9

FTP Server : Vsftpd over SSL/TLS
2022/03/30

Enable SSL/TLS for Vsftpd to use secure FTP connections.
[1] Create a self-signed certificate.
If you already have a valid certificate, for example from Let's Encrypt, you don't need to create this one.
[root@www ~]# cd /etc/pki/tls/certs
[root@www certs]# openssl req -x509 -nodes -newkey rsa:2048 -keyout vsftpd.pem -out vsftpd.pem -days 3650

Generating a RSA private key
writing new private key to 'vsftpd.pem'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:JP                                    # country code
State or Province Name (full name) []:Hiroshima                         # State
Locality Name (eg, city) [Default City]:Hiroshima                       # city
Organization Name (eg, company) [Default Company Ltd]:GTS               # company
Organizational Unit Name (eg, section) []:Server World                  # department
Common Name (eg, your name or your server's hostname) []:www.srv.world  # server's FQDN
Email Address []:root@srv.world                                         # admin's email

[root@www certs]# chmod 600 vsftpd.pem

[2] Configure Vsftpd. Configure the basic Vsftpd settings first.
[root@www ~]# vi /etc/vsftpd/vsftpd.conf
# add to the end : enable SSL/TLS

[root@www ~]# systemctl restart vsftpd

[3] If Firewalld is running, fix the passive port range and allow those ports.
[root@www ~]# vi /etc/vsftpd/vsftpd.conf
# add to the end
# fix passive ports with any range you like


[root@www ~]# systemctl restart vsftpd
# allow fixed passive ports

[root@www ~]# firewall-cmd --add-port=60000-60100/tcp
[root@www ~]# firewall-cmd --runtime-to-permanent

FTP Client : CentOS
Configure the FTP client to use FTPS connections on CentOS Stream.
[4] Install an FTP client (lftp) first, then configure it as follows.
[redhat@dlp ~]$ vi ~/.lftprc
# create new

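# use explicit TLS (AUTH TLS) and refuse to send the password in clear text
set ftp:ssl-auth TLS
set ftp:ssl-force true
# encrypt directory listings, data transfers and FXP transfers
set ftp:ssl-protect-list yes
set ftp:ssl-protect-data yes
set ftp:ssl-protect-fxp yes
# do not verify the server certificate (the certificate from [1] is self-signed)
set ssl:verify-certificate no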
[redhat@dlp ~]$ lftp -u cent www.srv.world

lftp cent@www.srv.world:~>
FTP Client : Windows
[5] For example, with FileZilla on Windows, open [File] - [Site Manager].
[6] Click the [New site] button and enter the connection information. For the encryption field, select [Use explicit FTP over TLS].
[7] If you use a self-signed certificate, a certificate warning is shown. It's no problem; go on to the next step.
[8] If the settings are OK, you can connect to the FTP server with FTPS.