June 2018
M T W T F S S
« May    
 123
45678910
11121314151617
18192021222324
252627282930  

Categories

WordPress Quotes

Are you bored with life? Then throw yourself into some work you believe in with all your heart, live for it, die for it, and you will find happiness that you had thought could never be yours.
Dale Carnegie

Recent Comments

June 2018
M T W T F S S
« May    
 123
45678910
11121314151617
18192021222324
252627282930  

Short Cuts

2012 SERVER (64)
2016 windows (9)
AIX (13)
Amazon (26)
Ansibile (17)
Apache (124)
Asterisk (2)
cassandra (2)
Centos (207)
Centos RHEL 7 (250)
chef (3)
cloud (2)
cluster (3)
Coherence (1)
DB2 (5)
DISK (25)
DNS (9)
Docker (24)
Eassy (11)
EXCHANGE (3)
Fedora (6)
ftp (5)
GOD (2)
Grub (1)
Hacking (10)
Hadoop (6)
horoscope (23)
Hyper-V (10)
IIS (15)
IPTABLES (15)
JAVA (6)
JBOSS (32)
jenkins (1)
Kubernetes (1)
Ldap (4)
Linux (188)
Linux Commands (167)
Load balancer (5)
mariadb (14)
Mongodb (4)
MQ Server (21)
MYSQL (80)
Nagios (5)
NaturalOil (13)
Nginx (27)
Ngix (1)
openldap (1)
Openstack (6)
Oracle (33)
Perl (3)
Postfix (19)
Postgresql (1)
PowerShell (2)
Python (3)
qmail (36)
Redis (11)
RHCE (28)
SCALEIO (1)
Security on Centos (29)
SFTP (1)
Shell (64)
Solaris (58)
Sql Server 2012 (4)
squid (3)
SSH (10)
SSL (14)
Storage (1)
swap (3)
TIPS on Linux (28)
tomcat (59)
Uncategorized (29)
Veritas (2)
vfabric (1)
VMware (28)
Weblogic (38)
Websphere (71)
Windows (19)
Windows Software (2)
wordpress (1)
ZIMBRA (17)

WP Cumulus Flash tag cloud by Roy Tanck requires Flash Player 9 or better.

Who's Online

15 visitors online now
5 guests, 10 bots, 0 members

Hit Counter provided by dental implants orange county

vsftpd

This howto describes how to configure vsftpd to enable SSL using so called intermediate/ chaining certificates.

Edit vsftpd.conf so that SSL is enabled:

 

ssl_enable=YES

rsa_cert_file=/usr/share/ssl/certs/vsftpd.pem

force_local_data_ssl=No

force_local_logins_ssl=NO

It is very important to construct the certificate file /usr/share/ssl/certs/vsftpd.pem with the correct certificate order. The fist Your certificate file has to be a .pem file. If you also received an Intermediate Certificate then you have to concatenate this with the Domain Certificate and your Private Key file into one single .pem file. Make sure all the information is included, without any spaces or blanks, see below.

—–BEGIN CERTIFICATE—–

(your_domain_name.crt)

—–END CERTIFICATE KEY—–

—–BEGIN CERTIFICATE—–

(chaining certificate 3)

—–END CERTIFICATE KEY—–

—–BEGIN CERTIFICATE—–

(chaining certificate 2)

—–END CERTIFICATE KEY—–

—–BEGIN CERTIFICATE—–

(chaining certificate 1)

—–END CERTIFICATE KEY—–

—–BEGIN RSA PRIVATE KEY—–

(your_domain_name.key)

—–END RSA PRIVATE KEY—–

This is how to check a SSL enabled FTP service (FTP Secure). See the result below:

$ lftp -u username localhost -e “debug;set ftp:ssl-protect-data true;ls;exit”

Password:

 

$

xferlog_file=/var/log/vsftpd.log
xferlog_enable=YES
dirmessage_enable=YES
data_connection_timeout=600
dual_log_enable=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=NO
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1_2=YES
ssl_ciphers=HIGH:-3DES:-aNULL
rsa_cert_file=/etc/vsftpd/rmohan.pem
pasv_min_port=28000
pasv_max_port=30000equire_ssl_reuse=NO

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

  

  

  

Blue Captcha Image
Refresh

*

Protected by WP Anti Spam