March 30, 201115 yr Hi, does anyone knows how to make Proftpd secure via TLS/SSL? I installed proftpd over UnMenu and it has the mod_tls.c root@fileserver:/etc# proftpd -vl Compiled-in modules: mod_core.c mod_xfer.c mod_auth_unix.c mod_auth_file.c mod_auth.c mod_ls.c mod_log.c mod_site.c mod_ctrls.c mod_readme.c mod_ratio.c mod_tls.c mod_wrap.c mod_ctrls_admin.c mod_cap.c root@fileserver:/etc# and find out this to add to the proftpd.conf <IfModule mod_tls.c> TLSEngine on TLSLog /var/log/proftpd/tls.log TLSProtocol SSLv23 TLSOptions NoCertRequest TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem TLSVerifyClient off TLSRequired on </IfModule> But I have no idea how to make the certs needed! Any clue? thanks in advance. Gonzalo.
March 30, 201115 yr google is your friend http://www.howtoforge.com/proftpd-tls-debian-etch from this article 3 Creating The SSL Certificate For TLS In order to use TLS, we must create an SSL certificate. I create it in /etc/proftpd/ssl, therefore I create that directory first: mkdir /etc/proftpd/ssl Afterwards, we can generate the SSL certificate as follows: openssl req -new -x509 -days 365 -nodes -out /etc/proftpd/ssl/proftpd.cert.pem -keyout /etc/proftpd/ssl/proftpd.key.pem Country Name (2 letter code) [AU]: <-- Enter your Country Name (e.g., "DE"). State or Province Name (full name) [some-State]: <-- Enter your State or Province Name. Locality Name (eg, city) []: <-- Enter your City. Organization Name (eg, company) [internet Widgits Pty Ltd]: <-- Enter your Organization Name (e.g., the name of your company). Organizational Unit Name (eg, section) []: <-- Enter your Organizational Unit Name (e.g. "IT Department"). Common Name (eg, YOUR name) []: <-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com"). Email Address []: <-- Enter your Email Address. only issue i see is that you would probably loose your certificates after a reboot .... so you better store the originals on your usb key somewhere and put a copy line into your go file at the end somewhere
March 30, 201115 yr Author Thanks for the quick reply. Tried that but I'm missing openssl! Is there any way to install it via unmenu or other way?
March 30, 201115 yr i know openssl is part of the SABNZB dependency package as i use it to connect secure to my usenet providers
March 30, 201115 yr Thanks for the quick reply. Tried that but I'm missing openssl! Is there any way to install it via unmenu or other way? Yes, it is also a package in unMENU's package manager: openssl-solibs (OpenSSL shared libraries)
Archived
This topic is now archived and is closed to further replies.