There may be some situations where you want to encrypt FTP traffic with SSL certificates rather than using SFTP with SSH. Using vsftpd with SSL encryption is quite easy, and here's how it's done:
First, you'll need to make a new self-signed SSL certificate (if you don't have a key and certificate available already):
openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout server.key -out server.crt
Once you have the key and certificate made, you'll need to concatenate them into a PEM file:
# cat server.key > /etc/vsftpd/server.pem # cat server.crt >> /etc/vsftpd/server.pem
Now, simply adjust the vsftpd configuration file to enable SSL encryption:
ssl_enable=YES force_local_data_ssl=NO force_local_logins_ssl=NO ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=YES rsa_cert_file=/etc/vsftpd/server.pem
Once that's complete, restart vsftpd and you will be able to connect to your FTP server using SSL/TLS encryption.
Further Reading:
Manpage of vsftpd.conf
What if I want to put in a signed cert as opposed to a self-signed one? Would the procedures change for that?
Charles,
You'd just need to put your swap in your private key and signed cert into the .pem file, but that'd be about it. Of course, if your CA has intermediate certificates, be sure to add them to the end of the .pem file.
Thank u after searching for a while this helped me out:) !
THANK YOU!!
I'd been having problems creating a cert for an hour or two now, and this solved everything!
Thank you for your extremely easy to read guide