https://kb.rvmgroup.it/index.php?action=history&feed=atom&title=Configurazione_di_vsftpd_con_SSLConfigurazione di vsftpd con SSL - Revision history2026-05-05T21:35:56ZRevision history for this page on the wikiMediaWiki 1.44.2https://kb.rvmgroup.it/index.php?title=Configurazione_di_vsftpd_con_SSL&diff=9484&oldid=prevGabriele.vivinetto: Created page with "* Si hanno a disposizione, ad esempio i certificati generati da StartSSL: ** certificato server server.example.com.crt ** private key server.example.com.key ** Certificati ..."2016-01-15T18:14:49Z<p>Created page with "* Si hanno a disposizione, ad esempio i certificati generati da StartSSL: ** certificato server server.example.com.crt ** private key server.example.com.key ** Certificati ..."</p>
<p><b>New page</b></p><div>* Si hanno a disposizione, ad esempio i certificati generati da StartSSL:<br />
<br />
** certificato server<br />
server.example.com.crt<br />
** private key<br />
server.example.com.key<br />
** Certificati sub ca<br />
startcom-sub.class1.server.ca.crt<br />
<br />
* Installare il certificato server e la private key:<br />
sudo cp server.example.com.crt /etc/ssl/certs<br />
<br />
sudo cp server.example.com.key /etc/ssl/private/<br />
sudo chmod 600 /etc/ssl/private/server.example.com.key<br />
<br />
sudo cp startcom-sub.class1.server.ca.crt /usr/local/share/ca-certificates<br />
sudo update-ca-certificates<br />
<br />
* '''IMPORTANTE''': concatenare il certificato server con la subCA. Se non lo si fa, i client non riconosceranno come valido il certificato:<br />
cat server.example.com.crt startcom-sub.class1.server.ca.crt | sudo tee /etc/ssl/certs/server.example.com-bundle.crt<br />
<br />
* Configurare vsftpd:<br />
<br />
sudoedit /etc/vsftpd.conf <br />
<br />
<pre><br />
rsa_cert_file=/etc/ssl/certs/cloud01.rvmgroup.it-bundle.crt<br />
rsa_private_key_file=/etc/ssl/private/cloud01.rvmgroup.it.key<br />
ssl_enable=YES<br />
allow_anon_ssl=YES<br />
force_local_data_ssl=NO<br />
force_local_logins_ssl=NO<br />
ssl_tlsv1=YES<br />
ssl_sslv2=NO<br />
ssl_sslv3=NO<br />
require_ssl_reuse=NO<br />
ssl_ciphers=HIGH<br />
#debug_ssl=YES<br />
#log_ftp_protocol=YES<br />
#vsftpd_log_file=/var/log/vsftpd.log<br />
#dual_log_enable=YES<br />
</pre><br />
<br />
* Riavviare:<br />
sudo /etc/init.d/vsftpd restart<br />
<br />
* Provare a connettersi con curl. '''Attenzione:''': se non riconosce il certificato, verificare che in locale sia installata la catenza StartSSL:<br />
curl --ftp-ssl --capatch /etc/ssl/certs ftp://username:password@server.example.com<br />
<br />
<br />
* Nel caso, decommentare le righe di loggin, riavviare vsftpd e fare il tail di<br />
sudo tail -f /var/log/vsftpd.log<br />
<br />
sudo tail -f /var/log/xferlog<br />
<br />
* '''ATTENZIONE''': se non si connette, attenzione al firewall: non usa solo la porta 21 !!!<br />
<br />
=Riferimenti=<br />
*[http://www.liberiangeek.net/2014/09/enable-secure-vsftpd-ubuntu-14-04-ssltls/ How To Enable Secure VSFTPD On Ubuntu 14.04 With SSL/TLS | Liberian Geek]<br />
*[https://www.digitalocean.com/community/tutorials/how-to-configure-vsftpd-to-use-ssl-tls-on-an-ubuntu-vps How To Configure vsftpd to Use SSL/TLS on an Ubuntu VPS | DigitalOcean]<br />
*[http://wiki.vpslink.com/Configuring_vsftpd_for_secure_connections_(TLS/SSL/SFTP) Configuring vsftpd for secure connections (TLS/SSL/SFTP) - VPSLink Wiki]<br />
*[https://winscp.net/forum/viewtopic.php?t=12627 Cannot access vsFTPd service via WinSCP :: Support Forum :: WinSCP]<br />
*[http://www.howsyournetwork.com/index.php/cID/49dc4e37/ID/46313c25b3e1cb6ccc4b7dc48b403215/fuseaction/base.detail.htm HowsYourNetwork.com]<br />
*[http://www.linuxquestions.org/questions/linux-server-73/vsftpd-cannot-list-directory-in-ssl-4175429353/ vsftpd cannot list directory in SSL]<br />
*[http://ubuntuforums.org/archive/index.php/t-1901964.html [ubuntu] Can't get SSL to work over vsftpd [Archive] - Ubuntu Forums]<br />
*[http://www.unixlore.net/articles/using-curl-for-ftp-over-ssl-file.html Unixlore.net - Linux and Unix Commandline tips, hacks and howtos]<br />
*[http://forum.debianizzati.org/viewtopic.php?f=19&t=50888 [RISOLTO] VSFTPD non si avvia con certificato SSL valido • Debianizzati.Org]<br />
*[http://curl.haxx.se/docs/sslcerts.html cURL - SSL CA Certificates]<br />
*[http://site4fast.blogspot.it/2011/10/vsftpd-ssl-how-to.html SSL how to: install ssl on vsftpd]<br />
*[https://access.redhat.com/solutions/3436 How to configure vsftpd with SSL/TLS on Red Hat Enterprise Linux ? - Red Hat Customer Portal]<br />
*[https://www.thatsgeeky.com/2011/01/configuring-vsftpd-to-use-tls/ Configuring vsFTPd to use TLS « That's Geeky]<br />
*[http://serverfault.com/questions/661870/vsftpd-does-not-give-a-valid-certificate-using-ca-cert ssl - vsftpd does not give a valid certificate using CA cert. - Server Fault]</div>Gabriele.vivinetto