I have just generated a new ssl key on my ftp server with the following command
Code:
openssl req -x509 -nodes -days 365 -newkey rsa:1024 \
-keyout /etc/ssl/certs/vsftpd.pem \
-out /etc/ssl/certs/vsftpd.pem
I then put my new key onto my file server and attempted to connect to the FTP and it failed (this did work before with the default key).. I use curlFTPfs to mount the FTP directory locally as /ftpbackup, below is the command and the output.
Code:
root@Fileserver:/# curlftpfs -v -o ssl -o cacert=/certificate/vsftpd.pem -o no_verify_hostname ftp://ftpaccount:ftppassword@192.168.1.254 /ftpbackup
* Couldn't find host 192.168.1.254 in the .netrc file, using defaults
* About to connect() to 192.168.1.254 port 21 (#0)
* Trying 192.168.1.254... * connected
* Connected to 192.168.1.254 (192.168.1.254) port 21 (#0)
< 220 (vsFTPd 2.0.6)
> AUTH SSL
< 234 Proceed with negotiation.
* found 1 certificates in /certificate/vsftpd.pem
* server certificate verification OK
* common name: ###### (does not match '192.168.1.254')
* server certificate expiration date OK
* server certificate not activated yet.
* Closing connection #0
Error connecting to ftp: server certificate not activated yet.
As you see it gives an error about the certificate not being activated, I have looked this up and cant find a way to activate it. Do you have any idea what the problem is?
Below is the contents of vsftpd.conf on the ftp server
Code:
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
rsa_private_key_file=/etc/ssl/certs/vsftpd.pem
ssl_enable=YES
Many thanks
