On Tue, 30 Sep 2014 00:12:47 -0400 (EDT), Marko Randjelovic wrote: > > Thanks for your informative answer, it did solve my problem, after > enabling implicit_ssl option in vsftpd (and btw after disabling > ssl:verify-certificate in lftp), I could transfer a test file.
How did you get the certificate signed that the server uses? Did you send out the certificate request to a "well known public CA", such as Verisign, Entrust, etc., to have it signed? Or is it signed by a private, in-house CA? Either way, you need to have the signer's certificate in the list of trusted CAs that the client (lftp) uses. Then you can enable ssl:verify-certificate. Note that I said that the *signer's* certificate needs to be in the list, not the *server's* certificate. The only time that you would put the *server's* certificate in the list is if the server is using a self-signed certificate, which is highly *not* recommended. Make sure that set ssl:ca-file "/etc/ssl/certs/ca-certificates.crt" is in effect on your lftp client. If the signer's certificate is not in the list, become root, then add it locally by copying the file to the directory /usr/local/share/ca-certificates. Make sure the certificate has an extension of ".crt". Then run the command update-ca-certificates This will update /etc/ssl/certs/ca-certificates.crt to include the local files in /usr/local/share/ca-certificates. Then switch back to your non-superuser self. -- .''`. Stephen Powell <[email protected]> : :' : `. `'` `- -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
