
dharm 11-18-2005 07:51 PM

vsftp SSL cert errors
Running: Fedora Core 4
latest OpenSSL
So ya, I got vsftpd, and tried to get SSL working with it.

I ran

openssl req -x509 -nodes -days 730 -newkey rsa:1024 \
        -keyout /usr/share/ssl/certs/vsftpd.pem \
        -out /usr/share/ssl/certs/vsftpd.pem

and I entered my information as it prompted me.

I entered this in vsftpd.conf



restarted vsftpd service

I open up gFTP, and connect to myself as FTPS, and I get

Looking up localhost
Trying localhost:21
Connected to localhost:21
220 Welcome to Dharm's FTP service.
234 Proceed with negotiation.
Error with certificate at depth: 0
Issuer = /C=CA/ST=British Columbia/L=Burnaby/O=CST/OU=SI/CN=BCIT/
Subject = /C=CA/ST=British Columbia/L=Burnaby/O=CST/OU=SI/CN=BCIT/
Error 18:self signed certificate
Disconnecting from site localhost

So why do I get that last error... I tried other FTP clients, similar problems, so something with the SSL cert itself

Brian Knoblauch 11-21-2005 08:31 AM

"Error 18:self signed certificate"

That pretty much explains it right there. Self signed certificates will allow encryption, but have no "trust" behind them. You either need to get a properly signed certificate (Thawte, Verisign, etc.), or see if there's an option to override and allow use of self signed certificates.

unSpawn 11-21-2005 08:35 AM

From the gFTP FAQ: "5.1. When using the FTPS or HTTPS protocol, gFTP cannot connect if the remote server uses a self signed certificate. You must add the public key of your self signed CA to your OpenSSL certs directory. On my Debian box, the OpenSSL certs are installed in /usr/lib/ssl/certs."

Ben64 05-22-2006 09:25 PM


Originally Posted by unSpawn
You must add the public key of your self signed CA to your OpenSSL certs directory.

And how would that be accomplished?
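
Added example, not part of any post in this thread: one way to do what the quoted gFTP FAQ entry describes, using OpenSSL's hashed certs directory. The function names, the demo subject and the temporary paths are assumptions made for illustration; the demo certificate is constructed on the spot.

```shell
#!/bin/sh
# Added example; function names and the demo subject are hypothetical.

# make_demo_pem FILE: constructed throwaway self-signed cert, key and cert
# in one file, the same layout the command in the first post produces.
make_demo_pem() {
    openssl req -x509 -nodes -days 1 -newkey rsa:2048 \
        -subj "/C=XX/O=Example/CN=ftp.example.test" \
        -keyout "$1" -out "$1" 2>/dev/null
}

# install_trusted_cert SRC_PEM CERTS_DIR: prints the lookup symlink path.
install_trusted_cert() {
    src=$1; dir=$2
    subj_hash=$(openssl x509 -noout -hash -in "$src") || return 1
    fp=$(openssl x509 -noout -fingerprint -sha256 -in "$src") || return 1
    mkdir -p "$dir" || return 1
    n=0
    # Different certs can share a subject hash: reuse the slot if it already
    # holds this cert, otherwise take the first free <hash>.N.
    while [ -e "$dir/$subj_hash.$n" ]; do
        seen=$(openssl x509 -noout -fingerprint -sha256 -in "$dir/$subj_hash.$n")
        if [ "$seen" = "$fp" ]; then
            echo "$dir/$subj_hash.$n"
            return 0
        fi
        n=$((n + 1))
    done
    # "openssl x509" re-emits only the CERTIFICATE block, so the private key
    # in SRC_PEM never reaches the world-readable trust directory.
    openssl x509 -in "$src" -out "$dir/trusted-$subj_hash-$n.pem" || return 1
    ln -s "trusted-$subj_hash-$n.pem" "$dir/$subj_hash.$n" || return 1
    echo "$dir/$subj_hash.$n"
}

demo() {
    work=$(mktemp -d) || return 1
    make_demo_pem "$work/vsftpd.pem" || return 1
    link=$(install_trusted_cert "$work/vsftpd.pem" "$work/certs") || return 1
    echo "installed: $link"
    openssl verify -CApath "$work/certs" "$link"   # expect "...: OK"
    rm -rf "$work"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

On a real client machine CERTS_DIR is the certs directory under the path printed by `openssl version -d`. Compare the certificate's SHA-256 fingerprint with the server's copy before installing it, since anything placed there is trusted by every program that uses that directory.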
