LinuxQuestions.org


dharm 11-18-2005 07:51 PM

vsftp SSL cert errors
 
Running: Fedora Core 4
latest openssl
So ya, I got vsftpd, and tried to get SSL working with it.

I ran
Code:

openssl req -x509 -nodes -days 730 -newkey rsa:1024 \
        -keyout /usr/share/ssl/certs/vsftpd.pem \
        -out /usr/share/ssl/certs/vsftpd.pem

and I entered my information as it prompted me.

I entered this in vsftpd.conf

Code:

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/usr/share/ssl/certs/vsftpd.pem

Restarted the vsftpd service.

I open up gFTP, and connect to myself as FTPS, and I get
Quote:

Looking up localhost
Trying localhost:21
Connected to localhost:21
220 Welcome to Dharm's FTP service.
AUTH TLS
234 Proceed with negotiation.
Error with certificate at depth: 0
Issuer = /C=CA/ST=British Columbia/L=Burnaby/O=CST/OU=SI/CN=BCIT/emailAddress=test@test.com
Subject = /C=CA/ST=British Columbia/L=Burnaby/O=CST/OU=SI/CN=BCIT/emailAddress=test@test.com
Error 18:self signed certificate
Disconnecting from site localhost

So why do I get that last error... I tried other FTP clients, similar problems, so something with the SSL cert itself

Brian Knoblauch 11-21-2005 08:31 AM

"Error 18:self signed certificate"

That pretty much explains it right there. Self signed certificates will allow encryption, but have no "trust" behind them. You either need to get a properly signed certificate (Thawte, Verisign, etc.), or see if there's an option to override and allow use of self signed certificates.

unSpawn 11-21-2005 08:35 AM

From the gFTP FAQ: "5.1. When using the FTPS or HTTPS protocol, gFTP cannot connect if the remote server uses a self signed certificate. You must add the public key of your self signed CA to your OpenSSL certs directory. On my Debian box, the OpenSSL certs are installed in /usr/lib/ssl/certs."

Ben64 05-22-2006 09:25 PM

Quote:

Originally Posted by unSpawn
You must add the public key of your self signed CA to your OpenSSL certs directory.

And how would that be accomplished?
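
One way to do what the gFTP FAQ quoted above describes, as an added example that is not part of the original thread: OpenSSL looks up trusted certificates in its certs directory by subject hash, so the certificate is installed there as `<hash>.0`. The function names, the temporary paths, `-subj` and `rsa:2048` (instead of the thread's `rsa:1024`) are assumptions made so the script runs unattended.

```shell
#!/bin/sh
# Added example (not from the thread). All paths are temporary and constructed.

# Recreate the poster's combined key+cert PEM without the interactive prompts.
# Assumptions: rsa:2048 instead of the thread's rsa:1024; -subj replaces prompts.
make_combined_pem() {
    openssl req -x509 -nodes -days 730 -newkey rsa:2048 \
        -subj "/CN=localhost" -keyout "$1" -out "$1" 2>/dev/null
}

# Copy only the certificate (never the private key) out of PEM file $1 into the
# CApath-style directory $2, named <subject-hash>.N so OpenSSL can find it.
trust_cert() {
    pem="$1"; certs_dir="$2"
    subj_hash=$(openssl x509 -in "$pem" -noout -hash) || return 1
    n=0
    while [ -e "$certs_dir/$subj_hash.$n" ]; do n=$((n + 1)); done
    # `openssl x509` re-emits just the CERTIFICATE block, dropping the key.
    openssl x509 -in "$pem" -out "$certs_dir/$subj_hash.$n" || return 1
    echo "$certs_dir/$subj_hash.$n"
}

# Exit status 0 only if certificate $1 verifies against directory $2.
is_trusted() {
    openssl verify -CApath "$2" "$1" >/dev/null 2>&1
}

demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/certs"
    make_combined_pem "$work/vsftpd.pem" || return 1
    openssl x509 -in "$work/vsftpd.pem" -out "$work/cert-only.pem" || return 1
    if is_trusted "$work/cert-only.pem" "$work/certs"; then
        echo "before install: trusted"
    else
        echo "before install: rejected (self signed, unknown to the client)"
    fi
    trust_cert "$work/vsftpd.pem" "$work/certs" >/dev/null || return 1
    is_trusted "$work/cert-only.pem" "$work/certs" && echo "after install: trusted"
    rm -rf "$work"
}
demo
```

On a real client the target is the `certs` directory under the path printed by `openssl version -d` (the FAQ's Debian box uses /usr/lib/ssl/certs), and writing there needs root.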


All times are GMT -5.