Fedora 19
Sponsored Link

ProFTPD Over SSL/TLS2013/07/04

Enable SSL/TLS on ProFTPD.
[1] Configure for SSL/TLS
[root@www ~]#
cd /etc/pki/tls/certs

[root@www certs]#
openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/pki/tls/certs/proftpd.pem -out /etc/pki/tls/certs/proftpd.pem

Generating a 2048 bit RSA private key
writing new private key to '/etc/pki/tls/certs/proftpd.pem'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:
# country

State or Province Name (full name) [Some-State]:
# state

Locality Name (eg, city) []:
# city

Organization Name (eg, company) [Internet Widgits Pty Ltd]:
# company

Organizational Unit Name (eg, section) []:
Server World
# department

Common Name (eg, YOUR name) []:
# server's FQDN

Email Address []:
# email address
[root@www certs]#
chmod 600 proftpd.pem

[root@www certs]#
vi /etc/proftpd.conf
# line 295: change like follows

<IfDefine TLS>
  TLSEngine   on
  TLSRequired   on
  TLSRSACertificateFile   /etc/pki/tls/certs/proftpd.pem
  TLSRSACertificateKeyFile   /etc/pki/tls/certs/proftpd.pem
  TLSCipherSuite   ALL:!ADH:!DES
  TLSOptions   NoCertRequest
  TLSVerifyClient   off
  #TLSRenegotiate   ctrl 3600 data 512000 required off timeout 33 00
  TLSLog   /var/log/proftpd/tls.log
  <IfModule mod_tls_shmcache.c>
  TLSSessionCache   shm:/file=/var/run/proftpd/sesscache
[root@www certs]#
systemctl restart proftpd.service

[2] Configure on client PC. Use FileZilla that has a function of connecting trough SSL/TLS. Open 'File'-'Site Manager' and input login info, and select 'TLS/SSL' in 'Server Type'.
[3] Password is required. Input it.
[4] Following waring is shown because certificate is originally created, but it's no ploblem. Go next.
[5] Just connected.
Matched Content