Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 11-18-2005, 07:51 PM   #1
LQ Newbie
Registered: Sep 2005
Posts: 2

Rep: Reputation: 0
vsftp SSL cert errors

running: Fedora core 4
latest openssl
so ya, i got vsftpd, and tried to get ssl working with it.

i ran
openssl req -x509 -nodes -days 730 -newkey rsa:1024 \
        -keyout /usr/share/ssl/certs/vsftpd.pem \
        -out /usr/share/ssl/certs/vsftpd.pem
and i entered my information as it prompted me.

i entered this in vsftpd.conf

restarted vsftpd service

i open up gFTP, and connect to myself as FTPS, and i get
Looking up localhost
Trying localhost:21
Connected to localhost:21
220 Welcome to Dharm's FTP service.
234 Proceed with negotiation.
Error with certificate at depth: 0
Issuer = /C=CA/ST=British Columbia/L=Burnaby/O=CST/OU=SI/CN=BCIT/
Subject = /C=CA/ST=British Columbia/L=Burnaby/O=CST/OU=SI/CN=BCIT/
Error 18:self signed certificate
Disconnecting from site localhost
so why do i get that last error... i tried other ftp clients, similar problems, so something with the ssl cert itself
Old 11-21-2005, 08:31 AM   #2
Brian Knoblauch
Registered: Jan 2005
Distribution: OpenSuse Tumbleweed
Posts: 288

Rep: Reputation: 39
"Error 18:self signed certificate"

That pretty much explains it right there. Self signed certificates will allow encryption, but have no "trust" behind them. You either need to get a properly signed certificate (Thawte, Verisign, etc.), or see if there's an option to override and allow use of self signed certificates.
Old 11-21-2005, 08:35 AM   #3
Registered: May 2001
Posts: 29,414
Blog Entries: 55

Rep: Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590Reputation: 3590
From the Gftp FAQ: "5.1. When using the FTPS or HTTPS protocol, gFTP cannot connect if the remote server uses a self signed certificate. You must add the public key of your self signed CA to your OpenSSL certs directory. On my Debian box, the OpenSSL certs are installed in /usr/lib/ssl/certs.".
Old 05-22-2006, 09:25 PM   #4
LQ Newbie
Registered: Sep 2004
Posts: 24

Rep: Reputation: 15
Originally Posted by unSpawn
You must add the public key of your self signed CA to your OpenSSL certs directory.
and how would that be accomplished


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
SSL Cert Generation Problem paintcheck200 Linux - Networking 2 07-06-2009 04:12 PM
installing ssl cert kwickcut Mandriva 4 09-25-2005 02:27 PM
SSL sign cert error Giallo998 Linux - Networking 1 04-25-2005 10:06 AM
Qmail ssl cert eltonmou Linux - Software 0 08-18-2004 07:48 AM
Webmin SSL Cert hakcenter Linux - Security 4 10-22-2003 05:21 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:06 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration