Pure-ftpd fails to use correct SSL certificate

  1. Blaasbalg

    Blaasbalg Member


    I've followed this tutorial in order to secure my services using an official SSL certificate (although I'm not using StartSSL).

    Most services appear to 'accept' the certificate, except for the FTP server.
    Every time I connect to the FTP server, I get the following screen:


    Worth mentioning is that I received the same screen when I was still using the self-signed certificate (as expected of course, but the screen showed the exact same details (someOrganization etc.) even though I entered custom details).
    Therefore, my initial thought was that it tries to read the certificate from somewhere else, but I don't know where and even if this is the case at all.

    Server is running CentOS 6.4 (x64).

    What could be the cause of this issue?
  2. Croydon

    Croydon ISPConfig Developer

    Have you installed the certificate bundle (intermediate and root) in the ftp?
  3. Blaasbalg

    Yes, they are inside ispserver.pem. A symbolic link has been made to this file:

    cd /etc/ssl/private/
    ln -s /usr/local/ispconfig/interface/ssl/ispserver.pem pure-ftpd.pem
  4. Blaasbalg

    Any ideas?
  5. jhewit

    How did you convert the CRT file to PEM? If you just changed the extension, that won't work. Here's what I used:

    openssl x509 -in ispserver.crt -out ispserver.pem -outform PEM
    Of course, doing so within the SSL folder /usr/local/ispconfig/interface/ssl.

    The reason I say this is that if you just changed the extension from crt to pem, it will not work; they are different entirely.

    Hope this helps; if not, let me know and I'll do more research.
  6. Blaasbalg

    I did it exactly as described in the tutorial, listed in my first post. ;)

    The other services (web server, mail server, etc.) are accepting the certificate, and are working fine. So I think it's not a problem with the certificate files.
  7. Blaasbalg

    I can't seem to figure this one out.

    The certificate files are there and appear to be fine. However, Pure-ftpd continues to fail to use them correctly.

    Are there any options left I should try?
  8. Blaasbalg

    Update: It seems I was experiencing the exact same problem as described in this thread (thread 64225).

    The issue appears to be resolved. :)

    FileZilla still displays an unknown certificate dialog while connecting (this time with the correct certificate details, though :)), but according to FileZilla, this is to be expected, as FileZilla does not use the OS certificate store (and thus doesn't trust any certificate by default).
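
Added example, not part of the thread: one way to check whether the FTP daemon actually presents the certificate stored in the bundle it is linked to (here /etc/ssl/private/pure-ftpd.pem) is to compare SHA-256 fingerprints. The function names are hypothetical, and the sample blocks in the demo are constructed placeholders, not real keys or certificates.

```python
import base64, hashlib, re, ssl
from ftplib import FTP_TLS

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s+-----END \1-----", re.S)

def inspect_bundle(pem_text):
    """Return (block labels in file order, SHA-256 of each certificate's DER)."""
    labels, prints = [], []
    for label, body in PEM_BLOCK.findall(pem_text):
        labels.append(label)
        if label == "CERTIFICATE":
            der = base64.b64decode("".join(body.split()))
            prints.append(hashlib.sha256(der).hexdigest())
    return labels, prints

def served_fingerprint(host, port=21, timeout=10):
    """SHA-256 of the certificate the FTP daemon presents after AUTH TLS."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # only reading the certificate here,
    ctx.verify_mode = ssl.CERT_NONE  # not deciding whether to trust it
    ftps = FTP_TLS(context=ctx, timeout=timeout)
    try:
        ftps.connect(host, port)
        ftps.auth()                  # upgrades the control connection to TLS
        return hashlib.sha256(ftps.sock.getpeercert(binary_form=True)).hexdigest()
    finally:
        ftps.close()

def diagnose(pem_text, served):
    """Compare the served fingerprint with the certificates in the bundle."""
    labels, prints = inspect_bundle(pem_text)
    if not any(label.endswith("PRIVATE KEY") for label in labels):
        return "bundle has no private key"
    if not prints:
        return "bundle has no certificate"
    if served == prints[0]:
        return "daemon serves the first certificate in the bundle"
    if served in prints:
        return "served certificate is in the bundle but is not its first certificate"
    return "daemon serves a certificate that is not in this bundle"

def fake_block(label, raw):
    """Constructed stand-in for a PEM block (not a real key or certificate)."""
    b64 = base64.b64encode(raw).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

if __name__ == "__main__":
    bundle = (fake_block("RSA PRIVATE KEY", b"key") + fake_block("CERTIFICATE", b"new-leaf")
              + fake_block("CERTIFICATE", b"intermediate"))
    old = hashlib.sha256(b"old-self-signed").hexdigest()  # constructed: a stale certificate
    print(diagnose(bundle, old))
```

Against a live server, call `diagnose(open("/etc/ssl/private/pure-ftpd.pem").read(), served_fingerprint("ftp.example.com"))`, where the host name is a placeholder. A mismatch means the running daemon is presenting a different certificate than the one in that file.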

