Creating the CSR (Certificate Signing Request):

openssl req -new -days 365 -keyout vsftp.key -out vsftp.crt

now we export the private key from the key-file to let vsftpd start without prompt for a password.

openssl rsa -in vsftp.key -out vsftp_out.key

on this point, visit the CAcert.org page and start adding a server certificat

paste the content of vsftp.crt in the field below
„Fügen Sie Ihre Zertifikat-Anfrage (CSR) in folgendes Formularfeld ein:“

You should receive within a few minutes your signed certificate via email.

overwrite the content of vsftp.crt file with the certificate you should reveived from CACert.

at last, we have to connect our key with the certificate.

cat vsftp.crt vsftp_out.key > /etc/ssl/certs/vsftp.pem

these are the required lines for your vsftpd.conf

ssl_enable=YES 
allow_anon_ssl=NO 
force_local_data_ssl=NO 
force_local_logins_ssl=NO 
ssl_tlsv1=YES 
ssl_sslv2=YES 
ssl_sslv3=YES 
rsa_cert_file=/etc/ssl/certs/vsftp.pem