vsftpd with ssl

Stefan Miklosovic miklosovic.freebsd at gmail.com
Mon Aug 10 18:59:37 UTC 2009


Hi there,

I am installing vsftpd server with ssl.
It seems to work well, BUT

*~:*ftp-tls notebook
Trying 127.0.0.1...
Connected to localhost.
220 Welcome to miniBSD service.
234 Proceed with negotiation.
[Starting SSL/TLS negotiation...]
WARNING: Server's certificate issuer's certificate isn't available locally.
WARNING: Certificate is untrusted.
WARNING: Unable to verify leaf signature.
WARNING: Errors while verifying the server's certificate chain, continue?
(Y/N) Y
[Subject: C = SK, O = Crypto, CN = notebook, emailAddress =
miklosovic at gmail.com]
[Issuer:  C = SK, ST = Slovakia, O = MyCompany, OU = sysadmins, CN =
notebook, emailAddress = miklosovic at gmail.com]
[Cipher:  DES-CBC3-SHA (168 bits)]
Compression: zlib compression
Name (notebook:stewe): stewe
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

So, as you can see, I logged in successfully, but there's some issue
with the certificates.
I made my own CA authority, signed it myself, and adjusted the config this way:

/usr/local/etc/vsftpd.conf

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
rsa_private_key_file=/usr/local/etc/newkey.pem
rsa_cert_file=/usr/local/etc/newcert.pem
anonymous_enable=YES
..... and so on

On the internet, there is a hint:
"You must add the public key of your self signed CA to your OpenSSL certs
directory."
But how do I do that? Which dir? What public key?

thank you
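
The hint quoted in the message, worked through as an added example (not part of the original post, and not code from the vsftpd or FreeBSD projects). What the hint calls the "public key" is in practice the CA's certificate file. The function names, subject names and the temporary directory are placeholders chosen for illustration; the script builds a throwaway CA and touches nothing on the system.

```shell
#!/bin/sh
# Added example. Every name below is a constructed placeholder.

# Install a CA certificate into a CApath-style directory. OpenSSL looks
# certificates up there by subject-name hash, so the file needs a <hash>.0 link.
install_ca() {   # install_ca <ca-cert.pem> <certs-dir>
    hash=$(openssl x509 -noout -hash -in "$1") || return 1
    cp "$1" "$2/" && ln -sf "$(basename "$1")" "$2/$hash.0"
}

# Succeeds only if <cert.pem> chains to a CA found in <certs-dir>.
chain_ok() {     # chain_ok <certs-dir> <cert.pem>
    openssl verify -CApath "$1" "$2" >/dev/null 2>&1
}

ca_trust_demo() {
    w=$(mktemp -d) || return 2
    mkdir "$w/certs"
    # Throwaway self-signed CA (stand-in for the poster's own CA).
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Example CA/CN=Example Root" \
        -keyout "$w/cakey.pem" -out "$w/cacert.pem" 2>/dev/null || return 2
    # Server key and certificate signed by it (stand-ins for newkey.pem / newcert.pem).
    openssl req -newkey rsa:2048 -nodes -subj "/O=Example/CN=notebook" \
        -keyout "$w/newkey.pem" -out "$w/newreq.pem" 2>/dev/null || return 2
    openssl x509 -req -in "$w/newreq.pem" -CA "$w/cacert.pem" -CAkey "$w/cakey.pem" \
        -CAcreateserial -days 30 -out "$w/newcert.pem" 2>/dev/null || return 2
    # Before: the client has no local copy of the issuer, as in the warnings above.
    chain_ok "$w/certs" "$w/newcert.pem" && return 3
    # After: the CA certificate (never the CA private key) is in the certs directory.
    install_ca "$w/cacert.pem" "$w/certs" || return 2
    chain_ok "$w/certs" "$w/newcert.pem" || return 4
    rm -rf "$w"
}

# On a real client the default directory is the "certs" subdirectory of the
# path printed by:  openssl version -d
ca_trust_demo && echo "chain verifies once the CA certificate is in the certs directory"
```

Only the client side changes: the server keeps serving its own certificate and key through rsa_cert_file and rsa_private_key_file.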

