Date:      Mon, 10 Aug 2009 20:59:34 +0200
From:      Stefan Miklosovic <miklosovic.freebsd@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   vsftpd with ssl
Message-ID:  <f99a79ec0908101159q7112b066me71c2a0ed00e6f09@mail.gmail.com>

Hi there,

I am installing a vsftpd server with SSL.
It seems to work well, BUT

*~:*ftp-tls notebook
Trying 127.0.0.1...
Connected to localhost.
220 Welcome to miniBSD service.
234 Proceed with negotiation.
[Starting SSL/TLS negotiation...]
WARNING: Server's certificate issuer's certificate isn't available locally.
WARNING: Certificate is untrusted.
WARNING: Unable to verify leaf signature.
WARNING: Errors while verifying the server's certificate chain, continue?
(Y/N) Y
[Subject: C = SK, O = Crypto, CN = notebook, emailAddress =
miklosovic@gmail.com]
[Issuer:  C = SK, ST = Slovakia, O = MyCompany, OU = sysadmins, CN =
notebook, emailAddress = miklosovic@gmail.com]
[Cipher:  DES-CBC3-SHA (168 bits)]
Compression: zlib compression
Name (notebook:stewe): stewe
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

So, as you can see, I logged in successfully, but there's some issue
with certificates.
I made my own CA authority, signed it myself, and adjusted the config this way:

/usr/local/etc/vsftpd.conf

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
rsa_private_key_file=/usr/local/etc/newkey.pem
rsa_cert_file=/usr/local/etc/newcert.pem
anonymous_enable=YES
..... and so on

On the internet, there is a hint:
"You must add the public key of your self signed CA to your OpenSSL certs
directory."
But how to do that? Which dir? What public key?

thank you
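
Added example, not part of the original message: a sketch of what the quoted hint means, reproducing the "issuer's certificate isn't available locally" condition with a throwaway CA and then clearing it by placing the CA's certificate (which carries its public key) in a hashed certs directory. All file names, subject values and function names are constructed for the demo; `openssl version -d` prints the OPENSSLDIR whose certs subdirectory OpenSSL uses by default.

```shell
#!/bin/sh
# Added example. Everything is created in a throwaway temp dir; the system
# trust store and real vsftpd files are not touched. Names are constructed.

make_demo_pki() {  # $1 = work dir: builds a self-signed CA and a signed server cert
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/C=SK/O=MyCompany/CN=demo-ca" \
        -keyout "$1/cakey.pem" -out "$1/cacert.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/C=SK/O=Crypto/CN=notebook" \
        -keyout "$1/newkey.pem" -out "$1/newreq.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$1/newreq.pem" -days 1 \
        -CA "$1/cacert.pem" -CAkey "$1/cakey.pem" -CAcreateserial \
        -out "$1/newcert.pem" 2>/dev/null
}

install_ca() {  # $1 = CA certificate (PEM), $2 = certs directory
    mkdir -p "$2" && cp "$1" "$2/demo-ca.pem" || return 1
    # OpenSSL looks CAs up in a directory by <subject hash>.0
    ln -sf demo-ca.pem "$2/$(openssl x509 -noout -subject_hash -in "$1").0"
}

chain_ok() {  # $1 = server cert, $2 = certs directory; status 0 if chain verifies
    openssl verify -CApath "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

demo() {
    work=$(mktemp -d) || return 1
    make_demo_pki "$work" || return 1
    mkdir "$work/empty"
    chain_ok "$work/newcert.pem" "$work/empty" || echo "before: issuer not available locally"
    install_ca "$work/cacert.pem" "$work/certs"
    chain_ok "$work/newcert.pem" "$work/certs" && echo "after: chain verifies"
    rm -rf "$work"
}
demo
```

Only the CA certificate is copied to the client side; the CA's private key stays with whoever signs certificates.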
