I am trying to help secure an FTP installation by forcing connections over
SSL, but at the moment it looks like I am missing a basic step and would
appreciate some info - even if it is to tell me that what I want to do can't
be done so I can stop trying.
The situation is as follows - RH server, running among other things VSFTPD
and OpenSSL. I don't have the versions to hand, but will post them later.
In the man page for vsftpd.conf there are a number of options which control
the configuration for SSL, but having configured most of them I note that
the one I can't do is the location of the certificate file.
Further investigation shows that there are a number of .pem files for
applications such as ipop3d, but no mention of vsftpd. I tried generating a
new certificate file using the installed OpenSSL, but there seems to be
something missing because the CA.pl file (used as a front end to the OpenSSL
engine) which the documentation references is nowhere to be found.
1) is there some default/generic certificate file I can use ?
2) if I need to issue a new cert and I can't find CA.pl, is there is set of
instructions somewhere indicating how to generate a cert which can be used
by VSFTPD ?
If anyone has any ideas it would be great.
David Ryan (used to be david at linux.ie long, long ago)
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!