FreeBSD 14
Sponsored Link

FTP : Vsftpd Over SSL/TLS2024/02/15

Configure Vsftpd to use SSL/TLS.
[1] Create self-signed certificates.
However. if you use valid certificates like from Let's Encrypt or others, you don't need to create this one.
root@www:~ #
mkdir /usr/local/etc/ssl

root@www:~ #
cd /usr/local/etc/ssl

root@www:/usr/local/etc/ssl #
openssl req -x509 -nodes -newkey rsa:2048 -keyout vsftpd.pem -out vsftpd.pem -days 3650

Generating a RSA private key
writing new private key to 'vsftpd.pem'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:JP                            # country code
State or Province Name (full name) [Some-State]:Hiroshima       # State
Locality Name (eg, city) []:Hiroshima                           # city
Organization Name (eg, company) [Internet Widgits Pty Ltd]:GTS  # company
Organizational Unit Name (eg, section) []:Server World          # department
Common Name (e.g. server FQDN or YOUR name) []    # server's FQDN
Email Address []                                 # admin's email

root@www:/usr/local/etc/ssl #
chmod 600 vsftpd.pem

[2] Configure Vsftpd.
root@www:~ #
vi /usr/local/etc/vsftpd.conf
# add to last line


# if firewall service is running on the system, 
# fix passv ports and allow them on firewall service

root@www:~ #
service vsftpd restart

FTP Client : FreeBSD
Configure FTP Client to use FTPS connection.
[3] Install FTP Client on FreeBSD and configure like follows.
freebsd@client:~ $
vi ~/.lftprc
# create new

set ftp:ssl-auth TLS
set ftp:ssl-force true
set ftp:ssl-protect-list yes
set ftp:ssl-protect-data yes
set ftp:ssl-protect-fxp yes
set ssl:verify-certificate no
freebsd@client:~ $
lftp -u freebsd

FTP Client : Windows
[4] For example of FileZilla on Windows, Open [File] - [Site Manager].
[5] Input connection information like follows, and for encryption field, select [Require explicit FTP over TLS].
[6] If you set self-signed certificate, following warning is shown, it's no problem. Go next.
[7] If settings are OK, it's possible to connect to FTP server with FTPS like follows.
Matched Content