FTP+SSL HOWTO

Before we begin, if you are not currently running vsftpd (Very Secure File Transfer Protocol Daemon), please replace your ftp server
software with the most recent version. It runs on any platform besides Windows, is small, stable, has few dependencies (is very easy to install), and ALL other ftp implementations have had security compromises. It can be downloaded here:

http://vsftpd.beasts.org/

First, follow the instructions for generating a CSR using OpenSSL which can be found at SSL Certificates CSR Generation

When prompted for which type of server software you are using, select 'OTHER' from the drop-down menu.

If you purchased an InstantSSL or EnterpriseSSL you will be issued a .zip file containing three files: your.server.crt, UTNAddTrustExternalCA.crt, and AddTustExternalCA.crt. Concatenate them into a single .pem file with the following command (BE SURE TO PUT THEM IN THE CORRECT ORDER):

# cat your.server.crt UTNAddTrustExternalCA.crt AddTrustExternalCA.crt > your.server.pem

If you purchased a EssentialSSL you will be issued a .zip file containing four files: your.server.crt, EssentialSSLCA.crt, ComodoUTNServerCA.crt, UTNAddTrustServerCA.crt, and AddTrustExternalCA.crt. Concatenate them into a single .pem file with the following command (BE SURE TO PUT THEM IN THE CORRECT ORDER):

# cat your.server.crt, EssentialSSLCA.crt ComodoUTNServerCA.crt UTNAddTrustServerCA.crt AddTrustExternalCA.crt > your.server.pem

If you purchased a PositiveSSL you will be issued a .zip file containing four files: your.server.crt, PositiveSSLCA.crt, UTNAddTrustServerCA.crt, and AddTrustExternalCA.crt. Concatenate them into a single .pem file with the following command (BE SURE TO PUT THEM IN THE CORRECT ORDER):

# cat your.server.crt, PositiveSSLCA.crt UTNAddTrustServerCA.crt AddTrustExternalCA.crt > your.server.pem

Note: BE CAREFUL WITH 'cat'. IT WILL OVERWRITE FILES WITHOUT PROMPTING!

Alternatively, you can download the Bundle File which corresponds to the certificate you purchased here:

Move the file to the location where you keep your certificates (usually /usr/share/ssl/certs/).

Open your vsftp.conf file (default location is /etc/vsftpd/vsftpd.conf) with your favorite text editor and add the following
line:

rsa_cert_file /path/to/your.server.pem

Restart vsftpd with

# /etc/init.d/vsftpd restart
or
# /sbin/service/vsftpd restart
or
# killall vsftpd
# vsftpd

Your vsftp server is now secure.
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

What does the Warranty actually mean?

We believe it is important to protect the end user. If we were to issue a certificate in error to...

Why does the secure part of the website say the name on the security certificate is invalid or does not match the name of the site?

There are a few possible reasons for this:1) The certificate has a Common Name (CN) of...

The CSR cannot be decoded or is invalid

CSR is possibly missing one or more required fields.The CSR must contain a minimum of the...

I have accidentally deleted or lost my Private Key

First check your backups and see if you can re-install the "private key". If you don't know how...

I have changed my server, or moved to a different provider, how do I move the certificate?

If you are moving servers or providers, you will need to get the certificate and private key from...