Date: Mon, 10 Aug 2009 20:59:34 +0200 From: Stefan Miklosovic <miklosovic.freebsd@gmail.com> To: freebsd-questions@freebsd.org Subject: vsftpd with ssl Message-ID: <f99a79ec0908101159q7112b066me71c2a0ed00e6f09@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hi there, I am installing vsftpd server with ssl. It seems it works good, BUT *~:*ftp-tls notebook Trying 127.0.0.1... Connected to localhost. 220 Welcome to miniBSD service. 234 Proceed with negotiation. [Starting SSL/TLS negotiation...] WARNING: Server's certificate issuer's certificate isn't available locally. WARNING: Certificate is untrusted. WARNING: Unable to verify leaf signature. WARNING: Errors while verifying the server's certificate chain, continue? (Y/N) Y [Subject: C = SK, O = Crypto, CN = notebook, emailAddress = miklosovic@gmail.com] [Issuer: C = SK, ST = Slovakia, O = MyCompany, OU = sysadmins, CN = notebook, emailAddress = miklosovic@gmail.com] [Cipher: DES-CBC3-SHA (168 bits)] Compression: zlib compression Name (notebook:stewe): stewe 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> so, as you can see, I logged in successfully, but there's some issue with certificates. I did my own CA authority, signed it on myself, adjusted config in this way /usr/loca/etc/vsftpd.conf ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=NO force_local_logins_ssl=YES rsa_private_key_file=/usr/local/etc/newkey.pem rsa_cert_file=/usr/local/etc/newcert.pem anonymous_enable=YES ..... an so on On the internet, there is a hint: "You must add the public key of your self signed CA to your OpenSSL certs directory." but how to do that ??? which dir? what public key? thank you
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?f99a79ec0908101159q7112b066me71c2a0ed00e6f09>