View Single Post
  #7  
Old 23rd November 2006, 19:06
Spaetzle Spaetzle is offline
Member
 
Join Date: Sep 2005
Posts: 56
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Hi

I played aroung with securing proftpd today. It works now on my Debian Sarge installation.

Here what I have done so far:

First create the needed certificates:
Code:
openssl req -new -x509 -days 3650 -nodes  -out /etc/ssl/certs/proftpd.cert.pem \
-keyout /etc/ssl/certs/proftpd.key.pem
Next edit /etc/proftpd.conf:
Code:
TLSEngine                       on
TLSLog                                  /var/log/proftpd/tls.log
TLSProtocol                             SSLv3
TLSOptions                              NoCertRequest
TLSRSACertificateFile                   /etc/ssl/certs/proftpd.cert.pem
TLSRSACertificateKeyFile                /etc/ssl/certs/proftpd.key.pem
TLSVerifyClient                         off
Now you should be able to connect to your server from himself (for testing install ftp-ssl and try out ftp -z secure localhost).
Next we have to edit /etc/proftpd_ispconfig. Add the following lines within the VirtualHost part.
Code:
TLSEngine                       on
TLSRSACertificateFile                   /etc/ssl/certs/proftpd.cert.pem
TLSRSACertificateKeyFile                /etc/ssl/certs/proftpd.key.pem
/etc/proftpd_ispconfig should look like this:
Code:
###################################
#
# ISPConfig proftpd Configuration File
#         Version 1.0
#
###################################
DefaultAddress 127.0.0.1
<VirtualHost your_ip>
        DefaultRoot             ~
        AllowOverwrite          on
        Umask                   002
        TLSEngine                       on
        TLSRSACertificateFile                   /etc/ssl/certs/proftpd.cert.pem
        TLSRSACertificateKeyFile                /etc/ssl/certs/proftpd.key.pem
</VirtualHost>

Hope it works for you too.

Bernd

Last edited by Spaetzle; 25th December 2006 at 11:10.
Reply With Quote