From: Stefan Miklosovic
To: freebsd-questions@freebsd.org
Date: Mon, 10 Aug 2009 20:59:34 +0200
Subject: vsftpd with ssl

Hi there,

I am installing vsftpd server with ssl.
It seems it works well, BUT

    ~: ftp-tls notebook
    Trying 127.0.0.1...
    Connected to localhost.
    220 Welcome to miniBSD service.
    234 Proceed with negotiation.
    [Starting SSL/TLS negotiation...]
    WARNING: Server's certificate issuer's certificate isn't available locally.
    WARNING: Certificate is untrusted.
    WARNING: Unable to verify leaf signature.
    WARNING: Errors while verifying the server's certificate chain, continue? (Y/N) Y
    [Subject: C = SK, O = Crypto, CN = notebook, emailAddress = miklosovic@gmail.com]
    [Issuer: C = SK, ST = Slovakia, O = MyCompany, OU = sysadmins, CN = notebook, emailAddress = miklosovic@gmail.com]
    [Cipher: DES-CBC3-SHA (168 bits)]
    Compression: zlib compression
    Name (notebook:stewe): stewe
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp>

so, as you can see, I logged in successfully, but there's some issue with certificates. I did my own CA authority, signed it on myself, adjusted config in this way

/usr/local/etc/vsftpd.conf

    ssl_enable=YES
    allow_anon_ssl=NO
    force_local_data_ssl=NO
    force_local_logins_ssl=YES
    rsa_private_key_file=/usr/local/etc/newkey.pem
    rsa_cert_file=/usr/local/etc/newcert.pem
    anonymous_enable=YES

..... and so on

On the internet, there is a hint: "You must add the public key of your self signed CA to your OpenSSL certs directory." But how to do that??? Which dir? What public key?

Thank you
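
Added example, not part of the original post: the hint quoted above, carried out in a throwaway directory so the untrusted and trusted states can be compared. What goes into the directory is the CA's certificate (not its private key), linked under its subject-hash name; the `Demo CA` subject, the `demo.cnf` and `demo-ca.pem` file names and the temporary paths are assumptions made for the demo.

```shell
#!/bin/sh
# Constructed demo in a throwaway directory; no system files are touched.
# On a real host the directory OpenSSL searches by default is "certs" under
# the path printed by `openssl version -d`.

demo_setup() {
    work=$(mktemp -d) || return 1
    mkdir "$work/certs"
    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > "$work/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
subjectKeyIdentifier = hash
EOF
    # Self-signed CA certificate and key (constructed names).
    openssl req -x509 -config "$work/demo.cnf" -newkey rsa:2048 -nodes \
        -days 30 -subj "/C=SK/O=MyCompany/CN=Demo CA" \
        -keyout "$work/cakey.pem" -out "$work/cacert.pem" 2>/dev/null || return 1
    # Server key and request, then the server certificate signed by the CA.
    openssl req -new -config "$work/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/C=SK/O=Crypto/CN=notebook" \
        -keyout "$work/newkey.pem" -out "$work/newreq.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$work/newreq.pem" -days 30 -CA "$work/cacert.pem" \
        -CAkey "$work/cakey.pem" -CAcreateserial \
        -out "$work/newcert.pem" 2>/dev/null || return 1
}

# Succeeds only if the issuer can be found in the hashed directory.
verify_server() {
    openssl verify -CApath "$work/certs" "$work/newcert.pem" >/dev/null 2>&1
}

# "Adding the CA": copy its certificate (never the private key) into the
# directory and link it under <subject-hash>.0, the name OpenSSL looks up.
install_ca() {
    hash=$(openssl x509 -noout -hash -in "$work/cacert.pem") || return 1
    cp "$work/cacert.pem" "$work/certs/demo-ca.pem" &&
        ln -s demo-ca.pem "$work/certs/$hash.0"
}

demo_setup || exit 1
verify_server && echo "before install: trusted" || echo "before install: untrusted"
install_ca || exit 1
verify_server && echo "after install: trusted" || echo "after install: untrusted"
```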