May 16, 2009

How to: Creating a Certificate and Key for Vsftpd FTPS

In this post, we will create an SSL certificate and a 1024-bit RSA key for Vsftpd to turn our Vsftpd FTP server into a Vsftpd FTPS server.

The advantage of creating our own certificate is that we can define our company name, organization, location, and technical support contact information. This means that when new users connect to our server, they will see our custom SSL certificate with our company name and information, which will make our FTP server look more formal/professional.

Overview of what we're about to do:
  1. Back up vsftpd.conf
  2. Edit our vsftpd.conf file and comment out the current certificate and key
  3. Insert the new location of our certificate and key
  4. Create our new certificate and key files
  5. Restart Vsftpd
  6. Put on our sunglasses and relax under the sun

The Guide:

1. Back up our vsftpd.conf file
sudo cp /etc/vsftpd.conf /etc/vsftpd.090522
2. Edit vsftpd.conf
sudo nano /etc/vsftpd.conf
3. Ensure that the snakeoil rsa_cert_file and rsa_private_key_file lines are commented out. Insert the location of the new certificate and key.
#rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/vsftpd.key
4. Create the certificate and key. The certificate will expire after 365 days, at which point we will have to create a new one.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:1024 \
  -keyout /etc/vsftpd/vsftpd.key \
  -out /etc/vsftpd/vsftpd.pem
5. Restart Vsftpd
sudo /etc/init.d/vsftpd restart
Test using your favorite FTPS-enabled client
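
A quick way to confirm the files from step 4 are sound, as an added example that is not part of the original post: it checks that the key belongs to the certificate, that the certificate is not about to expire, that the RSA key is at least 2048 bits (the usual minimum today, so the 1024-bit key generated above will be flagged), and that the unencrypted key is readable only by its owner. The function name `check_ftps_pair` and the 30-day default are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity-check the certificate/key pair that vsftpd.conf points at.
# check_ftps_pair CERT KEY [DAYS] prints findings and returns the number of problems.
check_ftps_pair() {
    cert=$1; key=$2; days=${3:-30}; problems=0

    # 1. The private key must belong to the certificate: compare their public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert"; problems=$((problems + 1))
    fi

    # 2. "-days 365" means the certificate stops validating after a year.
    if ! openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
        echo "FAIL: certificate expires within $days days"; problems=$((problems + 1))
    fi

    # 3. Key size as recorded in the certificate (RSA assumed, as in the post).
    bits=$(openssl x509 -in "$cert" -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -lt 2048 ]; then
        echo "FAIL: RSA key is ${bits:-unknown} bits (below 2048)"; problems=$((problems + 1))
    fi

    # 4. "-nodes" leaves the key unencrypted, so file permissions are its only protection.
    mode=$(ls -ld "$key" 2>/dev/null | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "FAIL: $key is accessible to group or other"; problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ] && echo "OK: $cert / $key"
    return "$problems"
}

# Usage: sudo sh check.sh /etc/vsftpd/vsftpd.pem /etc/vsftpd/vsftpd.key
if [ "$#" -ge 2 ]; then check_ftps_pair "$@"; fi
```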

Good job, buddy!