Question: How to enable TLS/SSL in ProFTPD
Benefits of TLS/SSL
TLS/SSL provides numerous benefits to clients and servers over other methods of authentication, including:
– Strong authentication, message privacy, and integrity
– Interoperability
– Algorithm flexibility
– Ease of deployment
– Ease of use
1- Install ProFTPD and OpenSSL
On Debian/Ubuntu:
apt-get install proftpd openssl
On CentOS:
yum install proftpd openssl
2- Create SSL certificates
mkdir /opt/ssl/
cd /opt/ssl
3- Generate a self-signed SSL certificate and an unencrypted private key (-nodes) with:
openssl req -new -x509 -days 365 -nodes -out proftpd.cert.pem -keyout proftpd.key.pem
Generating a 2048 bit RSA private key
.....................+++
..........+++
writing new private key to 'proftpd.key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:NL
State or Province Name (full name) []:Adam
Locality Name (eg, city) [Default City]:Adam
Organization Name (eg, company) [Default Company Ltd]:Unixmen
Organizational Unit Name (eg, section) []:Unixmen
Common Name (eg, your name or your server's hostname) []:Unixmen-test
Email Address []:@unixmen.com
4- Enable TLS in ProFTPD
Edit /etc/proftpd/proftpd.conf or /etc/proftpd.conf (Ubuntu/CentOS)
<IfModule mod_tls.c>
  TLSEngine on
  TLSLog /var/log/proftpd/tls.log
  TLSProtocol SSLv23
  TLSOptions NoCertRequest
  TLSRSACertificateFile /opt/ssl/proftpd.cert.pem
  TLSRSACertificateKeyFile /opt/ssl/proftpd.key.pem
  TLSVerifyClient off
  TLSRequired on
</IfModule>
5- Check that ProFTPD is ready (mod_tls should appear in the loaded modules):
# proftpd -vv
ProFTPD Version: 1.3.3g (maint)
  Scoreboard Version: 01040003
  Built: Thu Nov 10 2011 16:20:47 UTC
Loaded modules:
  mod_lang/0.9
  mod_ctrls/0.9.4
  mod_cap/1.0
  mod_vroot/0.9.2
  mod_tls/2.4.2
  mod_auth_pam/1.1
  mod_readme.c
  mod_ident/1.0
  mod_dso/0.5
  mod_facts/0.1
  mod_delay/0.6
  mod_site.c
  mod_log.c
  mod_ls.c
  mod_auth.c
  mod_auth_file/0.8.3
  mod_auth_unix.c
  mod_xfer.c
  mod_core.c
6- Now start proftpd
/etc/init.d/proftpd start
Starting proftpd: [ OK ]
And it is done!
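A check for the mod_tls block from step 4, as an added example that is not part of the original tutorial or of ProFTPD: it flags TLSProtocol values that still permit SSLv3, TLS 1.0 or TLS 1.1 (the SSLv23 setting above is one), and a TLSEngine or TLSRequired that is not on. The function names and the STRICT_CONF variant are assumptions; TLSv1.2 is only accepted by a ProFTPD and OpenSSL build whose mod_tls supports that value.

```python
import re

# Tokens that let a client negotiate SSLv3, TLS 1.0 or TLS 1.1. In mod_tls,
# "SSLv23" is the compatibility mode that accepts both SSLv3 and TLSv1.
WEAK_PROTOCOLS = {"SSLv23", "SSLv3", "TLSv1", "TLSv1.1"}

def parse_tls_block(conf_text):
    """Return {directive: [args]} for lines inside <IfModule mod_tls.c>."""
    directives, inside = {}, False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        if re.match(r"<IfModule\s+mod_tls\.c\s*>", line, re.I):
            inside = True
        elif re.match(r"</IfModule\s*>", line, re.I):
            inside = False
        elif inside:
            name, *args = line.split()
            directives[name.lower()] = args
    return directives

def audit(conf_text):
    """Return a list of findings for the mod_tls settings in conf_text."""
    d = parse_tls_block(conf_text)
    findings = []
    if [a.lower() for a in d.get("tlsengine", [])] != ["on"]:
        findings.append("TLSEngine is not 'on', so mod_tls is inactive")
    weak = sorted(WEAK_PROTOCOLS.intersection(d.get("tlsprotocol", [])))
    if weak:
        findings.append("TLSProtocol allows deprecated versions: " + " ".join(weak))
    if "tlsprotocol" not in d:
        findings.append("TLSProtocol is unset, so the build default applies")
    if [a.lower() for a in d.get("tlsrequired", [])] != ["on"]:
        findings.append("TLSRequired is not 'on', so TLS is not enforced on both channels")
    return findings

# Constructed inputs: the audited directives from this page's block, and the
# same text with only TLSProtocol changed (assumes the build accepts TLSv1.2).
PAGE_CONF = """<IfModule mod_tls.c>
TLSEngine on
TLSProtocol SSLv23
TLSRequired on
</IfModule>"""
STRICT_CONF = PAGE_CONF.replace("TLSProtocol SSLv23", "TLSProtocol TLSv1.2")

if __name__ == "__main__":
    print(audit(PAGE_CONF), audit(STRICT_CONF))
```

Only explicit protocol names are matched, so a TLSProtocol line written in another form needs a manual look.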