Hi there, I am installing vsftpd server with ssl. It seems it works good, BUT
*~:*ftp-tls notebook Trying 127.0.0.1... Connected to localhost. 220 Welcome to miniBSD service. 234 Proceed with negotiation. [Starting SSL/TLS negotiation...] WARNING: Server's certificate issuer's certificate isn't available locally. WARNING: Certificate is untrusted. WARNING: Unable to verify leaf signature. WARNING: Errors while verifying the server's certificate chain, continue? (Y/N) Y [Subject: C = SK, O = Crypto, CN = notebook, emailAddress = mikloso...@gmail.com] [Issuer: C = SK, ST = Slovakia, O = MyCompany, OU = sysadmins, CN = notebook, emailAddress = mikloso...@gmail.com] [Cipher: DES-CBC3-SHA (168 bits)] Compression: zlib compression Name (notebook:stewe): stewe 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> so, as you can see, I logged in successfully, but there's some issue with certificates. I did my own CA authority, signed it on myself, adjusted config in this way /usr/loca/etc/vsftpd.conf ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=NO force_local_logins_ssl=YES rsa_private_key_file=/usr/local/etc/newkey.pem rsa_cert_file=/usr/local/etc/newcert.pem anonymous_enable=YES ..... an so on On the internet, there is a hint: "You must add the public key of your self signed CA to your OpenSSL certs directory." but how to do that ??? which dir? what public key? thank you _______________________________________________ firstname.lastname@example.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"