I am currently using vsftpd with SSL support.
Currently when the certificate expires I have to generate a new certificate and distribute that new certificate among the clients.
Ideally I would like automatic renewal of the certificate and that certificate to then be transferred to the client upon connection.
I am relatively new to Linux and this is a problem I can't seem to overcome myself; any advice or links to how-tos would be appreciated.
The FTP client I am using is curlFTPfs, as I need the FTP directory to be mounted locally. Below is the command with debugging:
Code:
root@Fileserver:/scripts# curlftpfs -v -o ssl -o cacert=/certificate/ssl-cert-snakeoil.pem -o no_verify_hostname ftp://ftpaccount:ftppassword@192.168.1.254 /backup
* Couldn't find host 192.168.1.254 in the .netrc file, using defaults
* About to connect() to 192.168.1.254 port 21 (#0)
* Trying 192.168.1.254... * connected
* Connected to 192.168.1.254 (192.168.1.254) port 21 (#0)
< 220 (vsFTPd 2.0.6)
> AUTH SSL
< 234 Proceed with negotiation.
* found 1 certificates in /certificate/ssl-cert-snakeoil.pem
* server certificate verification OK
* common name: FTPserver.cable.virginmedia.net (does not match '192.168.1.254')
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #1
* subject: C=XX,ST=There is no such thing outside US,L=Everywhere,O=OCOSA,OU=Office for Complication of Otherwise Simple Affairs,CN=FTPserver.cable.virginmedia.net,EMAIL=root@FTPserver.cable.virginmedia.net
* start date: Wed, 07 Apr 2010 18:19:37 GMT
* expire date: Fri, 07 May 2010 18:19:37 GMT
* issuer: C=XX,ST=There is no such thing outside US,L=Everywhere,O=OCOSA,OU=Office for Complication of Otherwise Simple Affairs,CN=FTPserver.cable.virginmedia.net,EMAIL=root@FTPserver.cable.virginmedia.net
* compression: DEFLATE
* cipher: 3DES 168 CBC
* MAC: SHA
> USER ftpaccount
< 331 Please specify the password.
> PASS ftppassword
< 230 Login successful.
> PBSZ 0
< 200 PBSZ set to 0.
> PROT P
< 200 PROT now Private.
> PWD
< 257 "/"
* Entry path is '/'
* Remembering we are in dir ""
* Connection #0 to host 192.168.1.254 left intact
Many thanks
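An added example, not part of the original post: a small Python check that reads the certificate lines of a verbose session like the one above and reports how many days remain before expiry, along with the other properties the log exposes. The function names, the 14-day warning threshold and the shortened sample log are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample: certificate lines in the format of the session above,
# with subject and issuer shortened to the CN.
SAMPLE_LOG = """\
* common name: FTPserver.cable.virginmedia.net (does not match '192.168.1.254')
* subject: CN=FTPserver.cable.virginmedia.net
* start date: Wed, 07 Apr 2010 18:19:37 GMT
* expire date: Fri, 07 May 2010 18:19:37 GMT
* issuer: CN=FTPserver.cable.virginmedia.net
* cipher: 3DES 168 CBC
"""

FIELD_RE = re.compile(r"^\*\s+(common name|subject|issuer|expire date|cipher):\s*(.*)$")

def parse_cert_fields(log_text):
    """Collect the '* name: value' certificate lines into a dict."""
    fields = {}
    for line in log_text.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def check_certificate(log_text, now, warn_days=14):
    """Return (days_left, findings) for the certificate shown in the log."""
    f = parse_cert_fields(log_text)
    findings = []
    expires = parsedate_to_datetime(f["expire date"])  # timezone-aware (GMT)
    days_left = (expires - now).days
    if days_left < 0:
        findings.append("expired")
    elif days_left <= warn_days:
        findings.append("expires-soon")
    # Heuristic: identical subject and issuer means a self-issued certificate,
    # so every client has to pin this exact file and needs a new copy on renewal.
    if f.get("subject") and f.get("subject") == f.get("issuer"):
        findings.append("self-signed")
    if "does not match" in f.get("common name", ""):
        findings.append("hostname-mismatch")
    if "3DES" in f.get("cipher", ""):
        findings.append("weak-cipher")
    return days_left, findings

if __name__ == "__main__":
    now = datetime(2010, 4, 30, 18, 19, 37, tzinfo=timezone.utc)  # constructed "today"
    print(check_certificate(SAMPLE_LOG, now))
```

Run from cron against a captured session, a check like this gives warning before the expiry date instead of a failed mount afterwards.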