Tag: tls
COMMAND DUMP – upgrading a standard proftpd install to TLS
COMMANDDUMPproftpd
COMMAND DUMP – upgrading a standard proftpd install to TLS
upgrade a basic proftpd install to support FTPS with these commands
cd /etc/proftpd mkdir -p ssl openssl req -new -x509 -days 365 -nodes -out /etc/proftpd/ssl/proftpd.cert.pem -keyout /etc/proftpd/ssl/proftpd.key.pem chmod 600 ssl/proftpd.*
Follow the prompts to put in your valid organization name
Then open the conf file #vi proftpd.conf and add the following (if the <IfModule mod_tls.c> directive already exist, replace the contents with the contenst below)
<IfModule mod_tls.c> TLSEngine on TLSLog /var/log/proftpd/tls.log #TLSProtocol TLSv1.2 TLSCipherSuite AES128+EECDH:AES128+EDH TLSOptions NoCertRequest AllowClientRenegotiations TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem TLSVerifyClient off TLSRequired on RequireValidShell no </IfModule>
Restart proftpd
/etc/init.d/proftpd stop /etc/init.d/proftpd start
Your can test this by running the following command to make sure that you can connect using the certificate
openssl s_client -connect 127.0.0.1:21 -starttls ftp