====== vsftpd with CAcert ======
===== Requesting the certificate =====
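Create the CSR (Certificate Signing Request). Note that vsftp.crt holds the CSR at this point, not yet a certificate:
  openssl req -new -days 365 -keyout vsftp.key -out vsftp.crt
Now write the private key out of the key file without its passphrase, so that vsftpd can start without prompting for a password. The resulting vsftp_out.key is unencrypted, so keep it readable by root only.
  openssl rsa -in vsftp.key -out vsftp_out.key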
At this point, visit the [[http://www.cacert.org|CAcert.org]] page and start adding a server certificate.
Paste the content of vsftp.crt into the field labelled
"Paste your certificate request (CSR) into the following form field:"
You should receive your signed certificate via email within a few minutes.
Overwrite the content of the vsftp.crt file with the certificate you received from CAcert.
Finally, combine the certificate and the key into a single file. This file contains the unencrypted private key, so restrict its permissions to root.
  cat vsftp.crt vsftp_out.key > /etc/ssl/certs/vsftp.pem
===== Setting up vsftpd for SSL usage =====
These are the required lines for your vsftpd.conf:
  ssl_enable=YES
  allow_anon_ssl=NO
  force_local_data_ssl=NO
  force_local_logins_ssl=NO
  ssl_tlsv1=YES
  ssl_sslv2=YES
  ssl_sslv3=YES
  rsa_cert_file=/etc/ssl/certs/vsftp.pem
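
The following check is an added example, not part of the original page: a shell function that audits the SSL options listed above and flags the ones that weaken the setup (SSLv2/SSLv3 enabled, TLS not forced for logins and data). The names audit_vsftpd_ssl and page_config and the output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page: flag weak SSL settings in vsftpd.conf.

# The configuration exactly as listed on this page, embedded so the demo runs offline.
page_config() {
    cat <<'EOF'
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/certs/vsftp.pem
EOF
}

# audit_vsftpd_ssl [FILE]: reads FILE (or stdin), prints one WEAK line per
# finding and returns 1 if anything was flagged. Only options that are set
# explicitly are judged; absent options are left to vsftpd's defaults.
audit_vsftpd_ssl() {
    awk -F= '
        function check(opt, safe, why) {
            if ((opt in seen) && seen[opt] != safe) {
                printf "WEAK %s=%s (want %s): %s\n", opt, seen[opt], safe, why
                bad++
            }
        }
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        { seen[$1] = toupper($2) }       # option=value, no spaces around "="
        END {
            check("ssl_enable", "YES", "FTP runs without any encryption")
            check("force_local_logins_ssl", "YES", "clients may send the password in clear text")
            check("force_local_data_ssl", "YES", "transfers may use an unencrypted data channel")
            check("ssl_sslv2", "NO", "SSLv2 is a broken protocol")
            check("ssl_sslv3", "NO", "SSLv3 is a broken protocol (POODLE)")
            exit (bad > 0 ? 1 : 0)
        }
    ' "${1:--}"
}

# Demo run on the configuration from this page (four findings expected).
page_config | audit_vsftpd_ssl || echo "review the findings above"
```

To check a real server, pass the path of its vsftpd.conf as the first argument to audit_vsftpd_ssl.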
{{tag>linux unix}}