In my other post I wrote about using Apache Tomcat SSL keys in the Apache httpd server. This post explains how to reuse the Apache httpd SSL certificate and private key in vsftpd.
I assume you have a working vsftpd installation. If not, install and configure vsftpd as your setup requires. Here is what you have to do to enable FTPS (explicit FTP over TLS: the client connects to port 21 as usual and upgrades the session with AUTH TLS, which is what vsftpd's ssl_enable provides).
Copy the Apache SSL files to a location vsftpd can read. I keep them under /root/vsftpd_keys/; that is fine because vsftpd starts as root and opens the certificate and key before dropping privileges, but make sure the private key is readable by root only (chmod 600 exported.key). At minimum there are two files (the private key and the server certificate). In my case there were four: the private key (exported.key), the server certificate (mydomain.com.crt) and two intermediate CA certificates (gd_intermediate.crt and cross_intermediate.crt).
First, combine the server certificate and the intermediate certificates into one file, in chain order: the server certificate first, then the intermediate that issued it, then the cross-signed intermediate that links that CA to the older root. The private key never goes into this file.
# cd /root/vsftpd_keys/
# cat mydomain.com.crt gd_intermediate.crt cross_intermediate.crt > vsftpd_domain_inter_comb3.crt
Note: 1. The order matters: each certificate must be followed by the certificate that issued it. A client that receives the chain out of order may fail to build a trust path and reject the connection, even though the same files in the right order work.
2. It is fine to join just the domain and intermediate certificates if your certificate chain doesn't need/have the cross-signed intermediate.
Edit vsftpd.conf (usually /etc/vsftpd/vsftpd.conf) and add the following at the end of the file, then restart vsftpd:
userlist_enable=YES
ssl_enable=YES
allow_anon_ssl=YES
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/root/vsftpd_keys/vsftpd_domain_inter_comb3.crt
rsa_private_key_file=/root/vsftpd_keys/exported.key
pasv_enable=YES
pasv_address=<your ip here>
pasv_min_port=1500
pasv_max_port=1505
Note: 1. pasv_address must be a numeric IP address. When the server is behind a NAT firewall, give the firewall's public (NATed) IP here: once the control channel is encrypted, the firewall's FTP helper can no longer read and rewrite the PASV reply for you, which is also why the passive port range has to be fixed.
2. force_local_logins_ssl=YES protects the password, but force_local_data_ssl=NO lets the files themselves cross the network in cleartext. Set it to YES unless you must support clients that cannot protect the data channel (PROT P).
3. ssl_sslv2=NO and ssl_sslv3=NO are deliberate; both protocols are broken. vsftpd's default cipher list (ssl_ciphers) is DES-CBC3-SHA, so add ssl_ciphers=HIGH to get modern ciphers.
4. userlist_enable=YES is unrelated to SSL; it only switches on the user list check.
The above configuration requires incoming TCP port 21 and the passive range 1500 to 1505 to be open in the firewall, if you have one. Each data connection holds one port from that range for its lifetime, so six ports means at most six simultaneous transfers; widen the range if the server is busy.
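The whole procedure above (building the chain file, checking it, protecting the key, and the vsftpd.conf settings with their passive range) as one script. This is an added example and not code from the original post; it keeps the post's file names and port range, while KEYDIR, PASV_IP (203.0.113.5 is a documentation address), the script name ftps-setup.sh and all helper names are placeholders of this example. It tightens two settings the post leaves open, force_local_data_ssl=YES and ssl_ciphers=HIGH, and uses openssl to prove the chain is in issuer order and that the private key belongs to the server certificate before anything is configured.

```shell
#!/bin/sh
# Added example, not part of the original post: assemble the chain file in the
# right order, check it with openssl, and print the matching vsftpd.conf fragment.
# File names follow the post; KEYDIR, PASV_IP (documentation address) are placeholders.
set -e
KEYDIR="${KEYDIR:-/root/vsftpd_keys}"
PASV_IP="${PASV_IP:-203.0.113.5}"

# build_chain OUT LEAF ISSUER [ISSUER...]: concatenate PEM certificates in chain
# order (server certificate first, then the certificate that issued it, and so
# on towards the root). Refuses anything that is not a certificate, so a private
# key can never end up in the chain file that is sent to every client.
build_chain() {
    out="$1"; shift
    : > "$out"
    for f in "$@"; do
        [ -r "$f" ] || { echo "cannot read: $f" >&2; return 1; }
        if grep -q 'PRIVATE KEY' "$f"; then
            echo "refusing to put a private key into the chain file: $f" >&2; return 1
        fi
        grep -q 'BEGIN CERTIFICATE' "$f" || { echo "not a PEM certificate: $f" >&2; return 1; }
        cat "$f" >> "$out"
        # each PEM block must start on its own line; add a newline if the file lacks one
        if [ -n "$(tail -c 1 "$f")" ]; then echo >> "$out"; fi
    done
}
cert_count() { grep -c 'BEGIN CERTIFICATE' "$1" || true; }

# nth_cert FILE N: print the N-th PEM certificate block of FILE (1-based)
nth_cert() {
    awk -v want="$2" '/-----BEGIN CERTIFICATE-----/ { n++ }
                      n == want { print }
                      /-----END CERTIFICATE-----/ { if (n == want) exit }' "$1"
}

# verify_chain_order CHAIN: the issuer of certificate i must be the subject of
# certificate i+1, otherwise the files were concatenated in the wrong order.
verify_chain_order() {
    n=$(cert_count "$1"); i=1
    while [ "$i" -lt "$n" ]; do
        issuer=$(nth_cert "$1" "$i" | openssl x509 -noout -issuer | sed 's/^issuer=//')
        subject=$(nth_cert "$1" $((i + 1)) | openssl x509 -noout -subject | sed 's/^subject=//')
        if [ "$issuer" != "$subject" ]; then
            echo "wrong order: cert $i was issued by '$issuer' but cert $((i + 1)) is '$subject'" >&2
            return 1
        fi
        i=$((i + 1))
    done
}

# key_matches_cert CHAIN KEY: the private key must belong to the first (server)
# certificate in the chain file, or the TLS handshake cannot succeed.
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey)
    k=$(openssl pkey -in "$2" -pubout)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# pasv_range_ok MIN MAX: unprivileged, well-formed, and large enough to matter
# (every data connection occupies one port of the range for its lifetime).
pasv_range_ok() {
    [ "$1" -gt 1023 ] && [ "$2" -le 65535 ] && [ "$1" -le "$2" ] || return 1
    if [ $(($2 - $1 + 1)) -lt 10 ]; then
        echo "warning: only $(($2 - $1 + 1)) passive ports, i.e. that many concurrent transfers" >&2
    fi
}

# render_ssl_conf CERT KEY PASV_IP MIN MAX: the post's settings, with the data
# channel forced to TLS as well (force_local_data_ssl=YES) and a modern cipher list.
render_ssl_conf() {
    cat <<EOF
ssl_enable=YES
allow_anon_ssl=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_ciphers=HIGH
rsa_cert_file=$1
rsa_private_key_file=$2
pasv_enable=YES
pasv_address=$3
pasv_min_port=$4
pasv_max_port=$5
EOF
}

main() {
    cd "$KEYDIR"
    build_chain vsftpd_domain_inter_comb3.crt mydomain.com.crt gd_intermediate.crt cross_intermediate.crt
    verify_chain_order vsftpd_domain_inter_comb3.crt
    key_matches_cert vsftpd_domain_inter_comb3.crt exported.key
    chmod 600 exported.key           # vsftpd opens the key as root; nobody else needs it
    pasv_range_ok 1500 1505
    # append this output to /etc/vsftpd/vsftpd.conf, then restart vsftpd
    render_ssl_conf "$KEYDIR/vsftpd_domain_inter_comb3.crt" "$KEYDIR/exported.key" "$PASV_IP" 1500 1505
}
if [ "${1:-}" = "--run" ]; then main; fi
```

Run it as `sh ftps-setup.sh --run` on the server; it stops at the first failed check instead of leaving you with a configuration that only fails at handshake time. After the restart, confirm from another host with `openssl s_client -connect your.host:21 -starttls ftp` that the handshake completes and the output ends in "Verify return code: 0 (ok)"; a non-zero code there usually means the chain file is incomplete or out of order.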