vsftpd with ssl
Hi there,

I am installing vsftpd server with ssl. It seems it works good, BUT

*~:*ftp-tls notebook
Trying 127.0.0.1...
Connected to localhost.
220 Welcome to miniBSD service.
234 Proceed with negotiation.
[Starting SSL/TLS negotiation...]
WARNING: Server's certificate issuer's certificate isn't available locally.
WARNING: Certificate is untrusted.
WARNING: Unable to verify leaf signature.
WARNING: Errors while verifying the server's certificate chain, continue? (Y/N) Y
[Subject: C = SK, O = Crypto, CN = notebook, emailAddress = mikloso...@gmail.com]
[Issuer: C = SK, ST = Slovakia, O = MyCompany, OU = sysadmins, CN = notebook, emailAddress = mikloso...@gmail.com]
[Cipher: DES-CBC3-SHA (168 bits)]
Compression: zlib compression
Name (notebook:stewe): stewe
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

So, as you can see, I logged in successfully, but there's some issue with certificates. I did my own CA authority, signed it on myself, adjusted config in this way:

/usr/local/etc/vsftpd.conf

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
rsa_private_key_file=/usr/local/etc/newkey.pem
rsa_cert_file=/usr/local/etc/newcert.pem
anonymous_enable=YES
... and so on

On the internet, there is a hint:

You must add the public key of your self signed CA to your OpenSSL certs directory.

But how to do that??? Which dir? What public key?

thank you

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: vsftpd with ssl
On Monday 10 August 2009 10:59:34 Stefan Miklosovic wrote:
> Hi there,
>
> I am installing vsftpd server with ssl. It seems it works good, BUT
>
> *~:*ftp-tls notebook
> Trying 127.0.0.1...
> Connected to localhost.
> 220 Welcome to miniBSD service.
> 234 Proceed with negotiation.
> [Starting SSL/TLS negotiation...]
> WARNING: Server's certificate issuer's certificate isn't available locally.

This is an ftp-tls error, not vsftpd. It took some searching through OpenSSL sources, cause half of the manpages aren't available, but the certificate should be in /etc/ssl on the connecting machine.

The error above is the same as described in the verify(1) manpage for OpenSSL:

2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate
    the issuer certificate could not be found: this occurs if the issuer certificate of an untrusted certificate cannot be found.

The verify(1) manpage also describes how to store your trusted certificates in there, though it doesn't contain too much info. Perhaps this guide will help you:
http://gagravarr.org/writing/openssl-certs/others.shtml#ca-openssl

--
Mel
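Added example, not part of either message above: it reproduces the "issuer's certificate isn't available locally" condition with `openssl verify` and then clears it by placing the CA's certificate (the public part only, never the CA key) in a certs directory under its subject-hash name, which is how OpenSSL looks issuers up in such a directory. The subjects, file names and the temporary directory standing in for the client's certs directory are constructed for the demonstration; it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Constructed demo: nothing here touches /etc/ssl or a real CA.

verdict() {  # verdict <certs dir> <certificate> -> prints trusted|untrusted
    out=$(openssl verify -CApath "$1" "$2" 2>&1) || true
    case "$out" in
        *": OK"*) echo trusted ;;
        *)        echo untrusted ;;
    esac
}

demo_ca_trust() {
    d=$(mktemp -d) || return 1
    # 1. Self-signed CA, standing in for the poster's own CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/C=SK/O=MyCompany/CN=Demo CA" \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null || return 1
    # 2. Server key and request, then the certificate signed by that CA.
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/C=SK/O=Crypto/CN=notebook" \
        -keyout "$d/newkey.pem" -out "$d/newreq.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$d/newreq.pem" -days 30 \
        -CA "$d/cacert.pem" -CAkey "$d/cakey.pem" -CAcreateserial \
        -out "$d/newcert.pem" 2>/dev/null || return 1
    # 3. Empty certs directory: the client cannot find the issuer.
    mkdir "$d/certs"
    BEFORE=$(verdict "$d/certs" "$d/newcert.pem")
    # 4. Install the CA certificate under <subject hash>.0, the file name
    #    OpenSSL searches for when it needs this issuer.
    hash=$(openssl x509 -noout -hash -in "$d/cacert.pem") || return 1
    cp "$d/cacert.pem" "$d/certs/$hash.0"
    AFTER=$(verdict "$d/certs" "$d/newcert.pem")
    rm -rf "$d"
    [ "$BEFORE" = untrusted ] && [ "$AFTER" = trusted ]
}

demo_ca_trust && echo "before: $BEFORE, after: $AFTER"
```

Only `cacert.pem` is copied to the client side; `cakey.pem` stays with the CA and `newkey.pem` stays on the server.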
vsftpd with ssl - compile option
hi,

I would like to use vsftpd with ssl support. If I install it from ports, there is an option to compile it against ssl librarie(s) (VSFTPD_SSL).

If I download it by pkg_fetch and extract the package and use ldd on vsftpd in libexec directory, there is no ssl library; in compiled way, there are some:

libssl.so.5 => /usr/lib/libssl.so.5 (0x280b)
libcrypto.so.5 => /lib/libcrypto.so.5 (0x280f1000)

I would like to use that program on other computer, but there is not port tree and installing of port tree is really not an option.

How to handle this?

thank you
Re: vsftpd with ssl - compile option
Stefan Miklosovic wrote:
> hi,
>
> I would like to use vsftpd with ssl support. If I install it from ports, there is an option to compile it against ssl librarie(s) (VSFTPD_SSL).
>
> If I download it by pkg_fetch and extract the package and use ldd on vsftpd in libexec directory, there is no ssl library; in compiled way, there are some:
>
> libssl.so.5 => /usr/lib/libssl.so.5 (0x280b)
> libcrypto.so.5 => /lib/libcrypto.so.5 (0x280f1000)
>
> I would like to use that program on other computer, but there is not port tree and installing of port tree is really not an option.

Build it as you want it on another machine using ports, then run on that build machine:

pkg_create -b -R <name from pkg_info>

This will turn the selected install (and all its dependencies, with the -R flag) into tbz packages in the current directory suitable for pkg_add on the target machine.

If there are any missing dependencies on the target machine, pkg_add will try to load them from the same directory from which you are adding the main package. If they do not exist, it will most likely fail, so you will likely want to copy over everything that pkg_create spits out, unless you know it's already installed and up to date on your target.

--
Fuzzy love,
-CyberLeo
Technical Administrator
CyberLeo.Net Webhosting
http://www.CyberLeo.Net
cyber...@cyberleo.net

Furry Peace! - http://.fur.com/peace/