Old 11-18-2005, 07:51 PM   #1
dharm
LQ Newbie
 
Registered: Sep 2005
Posts: 2

Rep: Reputation: 0
vsftp SSL cert errors


Running: Fedora Core 4
latest openssl
So ya, I got vsftpd, and tried to get SSL working with it.

I ran
Code:
openssl req -x509 -nodes -days 730 -newkey rsa:1024 \
        -keyout /usr/share/ssl/certs/vsftpd.pem \
        -out /usr/share/ssl/certs/vsftpd.pem

And I entered my information as it prompted me.

I entered this in vsftpd.conf

Code:
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/usr/share/ssl/certs/vsftpd.pem

Restarted the vsftpd service.

I open up gFTP, and connect to myself as FTPS, and I get
Quote:
Looking up localhost
Trying localhost:21
Connected to localhost:21
220 Welcome to Dharm's FTP service.
AUTH TLS
234 Proceed with negotiation.
Error with certificate at depth: 0
Issuer = /C=CA/ST=British Columbia/L=Burnaby/O=CST/OU=SI/CN=BCIT/emailAddress=test@test.com
Subject = /C=CA/ST=British Columbia/L=Burnaby/O=CST/OU=SI/CN=BCIT/emailAddress=test@test.com
Error 18:self signed certificate
Disconnecting from site localhost

So why do I get that last error... I tried other FTP clients, similar problems, so something with the SSL cert itself.
 
Old 11-21-2005, 08:31 AM   #2
Brian Knoblauch
Member
 
Registered: Jan 2005
Distribution: OpenSuse Tumbleweed
Posts: 288

Rep: Reputation: 39
"Error 18:self signed certificate"

That pretty much explains it right there. Self signed certificates will allow encryption, but have no "trust" behind them. You either need to get a properly signed certificate (Thawte, Verisign, etc.), or see if there's an option to override and allow use of self signed certificates.
 
Old 11-21-2005, 08:35 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,414
Blog Entries: 55

Rep: Reputation: 3590
From the gFTP FAQ: "5.1. When using the FTPS or HTTPS protocol, gFTP cannot connect if the remote server uses a self signed certificate. You must add the public key of your self signed CA to your OpenSSL certs directory. On my Debian box, the OpenSSL certs are installed in /usr/lib/ssl/certs."
 
Old 05-22-2006, 09:25 PM   #4
Ben64
LQ Newbie
 
Registered: Sep 2004
Posts: 24

Rep: Reputation: 15
Quote:
Originally Posted by unSpawn
You must add the public key of your self signed CA to your OpenSSL certs directory.
And how would that be accomplished?
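
An added example, not part of any post in this thread: one way to do what the gFTP FAQ quoted in post #3 describes, using the openssl command line. OpenSSL finds trusted certificates in a directory through symlinks named after the certificate's subject hash, so the sketch extracts only the certificate from a combined key-plus-certificate file like the thread's vsftpd.pem and links it under that name. The temporary directory and the names `trust_cert`, `is_trusted`, `has_private_key` and `demo-ftp` are assumptions made for the demo; the real certs directory sits under the path that `openssl version -d` reports.

```shell
#!/bin/sh
# Added example: make an OpenSSL-based client trust one self-signed cert.

# Copy ONLY the certificate out of a PEM file (the thread's vsftpd.pem also
# holds the private key) into certs_dir, then add the <subject-hash>.N
# symlink that OpenSSL uses to look certificates up in a directory.
trust_cert() {  # usage: trust_cert <pem-file> <certs-dir> <name>
    pem=$1; dir=$2; name=$3
    openssl x509 -in "$pem" -out "$dir/$name.crt" || return 1
    hash=$(openssl x509 -in "$dir/$name.crt" -noout -hash) || return 1
    n=0
    while [ -e "$dir/$hash.$n" ]; do n=$((n + 1)); done  # slot already taken
    ln -s "$name.crt" "$dir/$hash.$n"
}

# Succeeds only if the certificate verifies against certs_dir.
is_trusted() {  # usage: is_trusted <cert-file> <certs-dir>
    openssl verify -CApath "$2" "$1" >/dev/null 2>&1
}

# Succeeds if the file contains private key material.
has_private_key() {  # usage: has_private_key <pem-file>
    grep -q -e '-----BEGIN.*PRIVATE KEY-----' "$1"
}

# Constructed demo data: a throwaway key and self-signed certificate,
# concatenated into one file the way the thread's command produces vsftpd.pem.
demo=$(mktemp -d)
mkdir "$demo/certs"
openssl req -x509 -nodes -days 1 -newkey rsa:2048 -subj "/CN=localhost" \
    -keyout "$demo/key.pem" -out "$demo/cert.pem" 2>/dev/null
cat "$demo/key.pem" "$demo/cert.pem" > "$demo/server.pem"

is_trusted "$demo/cert.pem" "$demo/certs" || echo "before: not trusted"
trust_cert "$demo/server.pem" "$demo/certs" demo-ftp
is_trusted "$demo/cert.pem" "$demo/certs" && echo "after: trusted"
has_private_key "$demo/certs/demo-ftp.crt" || echo "no private key was copied"
```

The private key stays on the server; only the extracted certificate belongs on client machines.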
 
  

