1

I'm trying to configure vsftpd to use FTPS. I basically followed these instructions.

I set up everything and generated a self-signed certificate, which totally suits my needs; this FTP server is not meant to be public.

But when I try to connect to the FTP server with FileZilla, FileZilla hangs on the line "Verifying certificate" instead of asking me if I trust it.

Using another FTP client (bareFTP), I got this error:

Server certificate error: 
RemoteCertificateNameMismatch,
RemoteCertificateChainErrors
Try disabling Server Certificate Validation

If I disable the validation as suggested, it works, so the problem is not in the vsftpd configuration file but rather with my self-signed certificate.

Can anyone tell me what could be wrong with it? I used this command to generate it:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

And for the "Common Name (eg, YOUR name)" field, I tried to type the server IP address and my company name.

Castaglia
JuCachalot

1 Answer

1

Your problem mainly lies in the fact that your server does not provide a certificate whose chain reaches one of the trust store certificates (which is normal since it's self-signed). You can solve this easily by adding the certificate used by the server to your local trust store. Also, the CN should match the hostname you're connecting to.

Note that if you need to have a few certificates, it would be a good idea to create your own CA so you don't have to manually add every subsequent certificate to your local trust store.

Ginnungagap
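An added example, not part of the answer above: it generates a self-signed certificate that names both a host name and an IP address, then verifies it against the right and the wrong trust anchor and name, which reproduces the two errors bareFTP reported. The names ftp.example.internal and 192.0.2.10 and the helper functions are constructed for illustration. It assumes OpenSSL 1.1.1 or later (for -addext) and puts the names in subjectAltName, because current TLS clients match there and an IP address needs an IP entry rather than a CN.

```shell
#!/bin/sh
# Added example. Host names and IP addresses are constructed placeholders.

# make_cert OUT_PREFIX DNS_NAME IP_ADDR
# Writes OUT_PREFIX.key and OUT_PREFIX.crt (self-signed, valid 365 days).
make_cert() {
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -keyout "$1.key" -out "$1.crt" \
        -subj "/CN=$2" \
        -addext "subjectAltName=DNS:$2,IP:$3" 2>/dev/null
}

# check_cert CERT TRUST_FILE NAME
# Returns 0 only if CERT chains to a certificate in TRUST_FILE
# and is valid for NAME (a DNS name or an IP address).
check_cert() {
    case "$3" in
        *:*)       name_opt=-verify_ip ;;        # IPv6 literal
        *[!0-9.]*) name_opt=-verify_hostname ;;  # anything else non-numeric
        *)         name_opt=-verify_ip ;;        # IPv4 literal
    esac
    openssl verify -CAfile "$2" "$name_opt" "$3" "$1" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_cert "$d/ftp" ftp.example.internal 192.0.2.10 || return 1
    make_cert "$d/other" other.example.internal 192.0.2.99 || return 1
    # Each case: "<trust anchor> <name the client connects to>"
    for t in "ftp ftp.example.internal" "ftp 192.0.2.10" \
             "ftp 203.0.113.5" "other ftp.example.internal"; do
        set -- $t
        if check_cert "$d/ftp.crt" "$d/$1.crt" "$2"; then
            r=accepted
        else
            r=rejected
        fi
        echo "trust=$1.crt name=$2 -> $r"
    done
    rm -rf "$d"
}

demo
```

The third case corresponds to RemoteCertificateNameMismatch and the fourth to RemoteCertificateChainErrors; only the first two, where the server certificate is in the trust file and the name is listed in it, are accepted.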