To run FTP over SSL, we first need to generate a certificate. Follow the steps below:
Run the following command:
>openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
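This will prompt for the details needed to generate the certificate. Fill in the details accordingly.
Once it is done, the certificate will be generated and stored in /etc/vsftpd/ as “vsftpd.pem”. Because -keyout and -out point to the same path, this one file holds both the private key and the certificate.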
You have to make an entry in the vsftpd.conf file to provide the location of the certificate file “vsftpd.pem” (file location - /etc/vsftpd)
Add the below lines along with the other SSL parameters at the bottom of the vsftpd.conf file.
# location of the certificate file
rsa_cert_file=/etc/vsftpd/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
(We have to set “force_local_data_ssl” and “force_local_logins_ssl” to YES so that the FTP connection is established over SSL on port 21 and not as plain FTP.)
-Save and close the file.
-Restart the vsftpd server
>service vsftpd restart
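An added check, not part of the original post: the shell function below audits a vsftpd.conf against the directives listed above and confirms that the file named by rsa_cert_file contains both the certificate and the key and is readable only by its owner. The function names and the script name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit vsftpd.conf against the
# SSL settings listed above. vsftpd expects strict key=value lines with no
# spaces around "=" and no trailing text, so values are compared exactly.

# Print the value of the last "key=value" line for key $2 in file $1.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Exit status 0 if the file matches the post's settings, 1 otherwise.
# The body runs in a subshell, so "exit" only leaves this function.
check_vsftpd_ssl() (
    conf=$1
    bad=0
    while read -r key want; do
        got=$(conf_get "$conf" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: want '$want', found '${got:-<unset>}'"
            bad=1
        fi
    done <<EOF
ssl_enable YES
allow_anon_ssl NO
force_local_data_ssl YES
force_local_logins_ssl YES
ssl_tlsv1 YES
ssl_sslv2 NO
ssl_sslv3 NO
EOF
    pem=$(conf_get "$conf" rsa_cert_file)
    if [ ! -f "$pem" ]; then
        echo "FAIL rsa_cert_file: '${pem:-<unset>}' is not a file"
        exit 1
    fi
    # The post writes key and certificate to one file, so both must be there.
    grep -q 'BEGIN CERTIFICATE' "$pem" || { echo "FAIL $pem: no certificate"; bad=1; }
    grep -q 'PRIVATE KEY' "$pem" || { echo "FAIL $pem: no private key"; bad=1; }
    # Group/other permission bits must be empty because the key is inside.
    perms=$(ls -ld "$pem" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "FAIL $pem: mode too open, chmod 600"; bad=1; }
    exit "$bad"
)

# Usage: sh check_vsftpd_ssl.sh /etc/vsftpd/vsftpd.conf
[ "$#" -eq 0 ] || check_vsftpd_ssl "$1"
```

Run it before restarting vsftpd; a FAIL line for rsa_cert_file also appears when extra text follows the path on that line.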