Scientific Linux 6
Sponsored Link

ProFTPD Over SSL/TLS2011/03/19

  Enable SSL/TLS on ProFTPD.

[1] Configure for SSL/TLS
[root@www ~]#
cd /etc/pki/tls/certs

[root@www certs]#
openssl req -x509 -nodes -newkey rsa:1024 -keyout /etc/pki/tls/certs/proftpd.pem -out /etc/pki/tls/certs/proftpd.pem

Generating a 1024 bit RSA private key
......++++++
.......++++++
writing new private key to '/etc/pki/tls/certs/proftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
JP
 
# country

State or Province Name (full name) [Some-State]:
Hiroshima
 
# state

Locality Name (eg, city) []:
Hiroshima
 
# city

Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Server World
 
# company

Organizational Unit Name (eg, section) []:
IT Solution
 
# department

Common Name (eg, YOUR name) []:
www.srv.world
 
# server's FQDN

Email Address []:
xxx@srv.world
 
# email address


[root@www certs]#
chmod 600 proftpd.pem

[root@www certs]#
vi /etc/proftpd.conf


# line 176: change like follows

#
<IfDefine TLS>
  TLSEngine   on
  TLSRequired   on
  TLSRSACertificateFile   /etc/pki/tls/certs/proftpd.pem
  TLSRSACertificateKeyFile   /etc/pki/tls/certs/proftpd.pem
  TLSCipherSuite   ALL:!ADH:!DES
  TLSOptions   NoCertRequest
  TLSVerifyClient   off
  TLSRenegotiate   ctrl 3600 data 512000 required off timeout 33 00
  TLSLog   /var/log/proftpd/tls.log
#
  <IfModule mod_tls_shmcache.c>
#
  TLSSessionCache   shm:/file=/var/run/proftpd/sesscache
#
  </IfModule>
#
</IfDefine>

[root@www certs]#
/etc/rc.d/init.d/proftpd restart

Shutting down proftpd:   [  OK  ]
Starting proftpd:   [  OK  ]
[2] Configure on client PC. Use FileZilla that has a function of connecting trough SSL/TLS. Open 'File'-'Site Manager' and input login info, and select 'TLS/SSL' in 'Server Type'.
 
[3] Following waring is shown because certificate is originally created, but it's no ploblem. Go next.
 
[4] Just connected.
 
Matched Content