Celebrate Our 22nd Anniversary with Huge Savings! Up to 70% Off

  Categories

Affiliate Questions
40
Billing & Accounts
48
Client Area Tutorials
37
Cloud Hosting
27
Control Panels
776
Database Server
116
Dedicated Servers
15
Form Downloads
5
Mail Servers Tutorials
223
Miscellaneous Articles
240
Pre-Sales Questions
613
Video Tutorials
1
VPS Hosting
697
Web Hosting
187
Web Services
112
Website Migration
9
WordPress Hosting
229

  Categories

  Support

My Support Tickets
Announcements
Knowledgebase
Downloads
Network Status
Open Ticket

How to Configure VSFTPD with SSL/ TLS Encrypted Connection?

Print

Before you proceed with the steps to configure VSFTPD with SSL/ TLS encrypted connection, ensure that you have installed the VSFTP on your Linux machine.

For your reference, you can follow these articles – 

1. We will generate a self-signed certificate using OpenSSL.
First, create a directory to store the public key and private key.

mkdir -p /etc/vsftpd/ssl

2. Run the command given below to generate the certificate. 

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/vsftpd/ssl/vsftpd.pem -out /etc/vsftpd/ssl/vsftpd.pem

Once you execute this command, it will ask for the country name, state name, city name, organization, unit name, and the common name that must match your server's IP Address.
You can also use the domain name pointing to your server IP Address. The certificate will use the RSA key agreement protocol with a key length of 2048 bits; the certificate will be valid for 365 days.

3. Let us open the configuration file of VSFTPD for the certificate installation. 

vim /etc/vsftpd.conf

4. Add the line given below to the VSFTPD config file to set the certificate and key file path.

rsa_cert_file=/etc/vsftpd/ssl/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/ssl/vsftpd.pem

5. Add this line to enable the SSL 

ssl_enable=YES

6. Block the anonymous user from accessing the FTP using SSL/TLS

allow_anon_ssl=NO

7. Specify when to use SSL/ TLS. It includes data transfer and logging in using the credentials

ssl_enable=YES

8. Block the anonymous user from accessing the FTP using SSL/ TLS

force_local_data_ssl=YES
force_local_logins_ssl=YES

9. Let us specify the version to use for the encryption.
TLS is more secure than SSL, and we will block the older versions

ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

10. Add the required SSL reuse and SSL ciphers to improve security, allowing additional protection against Man-in-the-Middle (MITM) attacks.
However, it may not be compatible with older FTP clients

require_ssl_reuse=YES
ssl_ciphers=HIGH

11. Finally, restart the VSFTPD.

systemctl restart vsftpd

12. After establishing the SSL/ TLS connection, you will get this message in your FTP client. 

Status: Connection established, waiting for welcome message...

Status: Initializing TLS...

Status: Verifying certificate...

Status: TLS connection established.

Get VPS Hosting »

Was this answer helpful?

Related Articles

How To Configure the Apache Web Server on an Ubuntu or Debian VPS Apache is one of the internet's most favoured web servers, serving over half of all active... Locations of Common Log Files and Configuration Files for cPanel Services This article covers the configuration files and the log file locations of the most common cPanel... Fix: Exim error-exim dead but subsys locked Problem StatementThe php mail scripts were not working in Linux VPS. Error Messageexim dead but... How to Sync Time using NTP in the Ubuntu Server? Linux server users might have noticed that after adjusting the system clock to the correct... How to Generate a Certificate Signing Request (CSR) with OpenSSL? OpenSSL is used to generate a pair of private keys and public Certificate Signing Request (CSR)...
« Back

Copyright © 2003-2025 AccuWebHosting.com USA | Designed By: AccuWebTech.Com

Get Support!

We are here to help!

Sales Department Technical Department Affiliate Group