LinuxQuestions.org


replica88 04-07-2010 03:11 PM

ssl certificate renewal for vsftpd on ubuntu
 
I am currently using vsftpd with ssl support.

Currently when the certificate expires I have to generate a new certificate and distribute that new certificate among the clients.

Ideally I would like automatic renewal of the certificate and that certificate to then be transferred to the client upon connection.

I am relatively new to Linux and this is a problem I can't seem to overcome myself, any advice or links to how-to's would be appreciated.

The ftp client I am using is curlFTPfs as I need the ftp directory to be mounted locally, below is the command with debugging:

Code:

root@Fileserver:/scripts# curlftpfs -v -o ssl -o cacert=/certificate/ssl-cert-snakeoil.pem -o no_verify_hostname ftp://ftpaccount:ftppassword@192.168.1.254 /backup
* Couldn't find host 192.168.1.254 in the .netrc file, using defaults
* About to connect() to 192.168.1.254 port 21 (#0)
*  Trying 192.168.1.254... * connected
* Connected to 192.168.1.254 (192.168.1.254) port 21 (#0)
< 220 (vsFTPd 2.0.6)
> AUTH SSL
< 234 Proceed with negotiation.
* found 1 certificates in /certificate/ssl-cert-snakeoil.pem
*        server certificate verification OK
*        common name: FTPserver.cable.virginmedia.net (does not match '192.168.1.254')
*        server certificate expiration date OK
*        server certificate activation date OK
*        certificate public key: RSA
*        certificate version: #1
*        subject: C=XX,ST=There is no such thing outside US,L=Everywhere,O=OCOSA,OU=Office for Complication of Otherwise Simple Affairs,CN=FTPserver.cable.virginmedia.net,EMAIL=root@FTPserver.cable.virginmedia.net
*        start date: Wed, 07 Apr 2010 18:19:37 GMT
*        expire date: Fri, 07 May 2010 18:19:37 GMT
*        issuer: C=XX,ST=There is no such thing outside US,L=Everywhere,O=OCOSA,OU=Office for Complication of Otherwise Simple Affairs,CN=FTPserver.cable.virginmedia.net,EMAIL=root@FTPserver.cable.virginmedia.net
*        compression: DEFLATE
*        cipher: 3DES 168 CBC
*        MAC: SHA
> USER ftpaccount
< 331 Please specify the password.
> PASS ftppassword
< 230 Login successful.
> PBSZ 0
< 200 PBSZ set to 0.
> PROT P
< 200 PROT now Private.
> PWD
< 257 "/"
* Entry path is '/'
* Remembering we are in dir ""
* Connection #0 to host 192.168.1.254 left intact

Many thanks

r0b0 04-09-2010 08:51 AM

Why do your certificates expire every month? Usually they are valid for 1-2 years. If you are not a bank or an intelligence agency, you could as well go up to 5 years.

Anyway, if you really need to automate the process of certificate renewal then I suggest that you write a script to 1. generate the new certificate 2. put it somewhere on a known path inside the FTP so that users can download the new cert 3. restart your ftp server. Shouldn't be that difficult.
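
The three steps suggested above, as an added example (not code from this thread): a rollover script that stages and publishes the next certificate before the current one expires, then switches and restarts later. The paths, CN, time windows and restart command are assumptions.

```shell
#!/bin/sh
# Added example: two-phase rollover of a self-signed vsftpd certificate.
# Assumed: paths, CN, windows; vsftpd.conf rsa_cert_file/rsa_private_key_file
# point at $CERT_DIR/cert.pem and $CERT_DIR/key.pem.
CERT_DIR=${CERT_DIR:-/etc/ssl/vsftpd}
PUB_DIR=${PUB_DIR:-/srv/ftp/pub/cert}       # directory FTP users can read
CN=${CN:-ftp.example.internal}
DAYS=${DAYS:-365}
STAGE_BEFORE=${STAGE_BEFORE:-1209600}       # stage 14 days before expiry
ACTIVATE_BEFORE=${ACTIVATE_BEFORE:-172800}  # switch 2 days before expiry
RESTART_CMD=${RESTART_CMD:-service vsftpd restart}

# Succeeds if the certificate is missing or expires within $2 seconds.
expires_within() {
    [ ! -f "$1" ] || ! openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Phase 1: create the next key pair and publish ONLY the certificate.
stage_next() {
    ( umask 077   # private key must never be group/world readable
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$DAYS" \
          -subj "/CN=$CN" -keyout "$CERT_DIR/next-key.pem" \
          -out "$CERT_DIR/next-cert.pem" 2>/dev/null ) || return 1
    cp "$CERT_DIR/next-cert.pem" "$PUB_DIR/next-cert.pem" &&
        chmod 644 "$PUB_DIR/next-cert.pem"
}

# Phase 2: swap the staged pair in and restart the server.
activate_next() {
    mv "$CERT_DIR/next-key.pem" "$CERT_DIR/key.pem" &&
        mv "$CERT_DIR/next-cert.pem" "$CERT_DIR/cert.pem" &&
        $RESTART_CMD
}

# One scheduled run; prints the action taken.
rollover() {
    live=$CERT_DIR/cert.pem
    if [ -f "$CERT_DIR/next-cert.pem" ]; then
        if expires_within "$live" "$ACTIVATE_BEFORE"; then
            activate_next && echo activated
        else
            echo waiting
        fi
    elif expires_within "$live" "$STAGE_BEFORE"; then
        stage_next && echo staged
    else
        echo ok
    fi
}
if [ "${1:-}" = run ]; then rollover; fi
```

Run it daily from cron with the argument `run`. Clients fetch `next-cert.pem` over a session still verified by the current certificate and append it to the file they pass as `cacert` before the switch happens.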

replica88 04-14-2010 05:28 AM

Quote:

Originally Posted by r0b0 (Post 3929910)
Why do your certificates expire every month? Usually they are valid for 1-2 years. If you are not a bank or an intelligence agency, you could as well go up to 5 years.

Anyway, if you really need to automate the process of certificate renewal then I suggest that you write a script to 1. generate the new certificate 2. put it somewhere on a known path inside the FTP so that users can download the new cert 3. restart your ftp server. Shouldn't be that difficult.

Yes that is a bit excessive, I will look into it... thanks

