I need a little advice on securing my VSFTPD server. I currently have it set up and working using a self-signed certificate by following instructions on the net, and I'm happy with it to a certain extent.
One of my clients is not... He said he cannot connect to the server unless he has the certificate to add to his client. I sent him the vsftpd.pem file I had created using the online tutorial, but he told me this was not what he was looking for. So I'm stuck; I'm not sure what I should be sending him, and if that's not what he was looking for, what the hell have I just sent him? Have I just given him a confidential file?
I also thought that it could be because the certificate is self-signed and he might require a signed certificate?
In my vsftpd.conf the certificate section looks like this...
Can someone who knows a bit more about this fill me in? Thank you in advance.
---------- Post updated at 07:15 AM ---------- Previous update was at 04:30 AM ----------
I believe I might have found what I need to do.
I think I need to extract the public key and crt from the .pem file. How can this be achieved?
Apparently the file the client needs is either a .key and a .crt (I'm guessing these must be public) or a .p12 / .pfk
Can someone please help, time is not on my side.
Last edited by pludi; 10-29-2009 at 06:53 AM..
Reason: code tags, please...
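The question above comes down to what a combined PEM file contains: it is a text container of labelled blocks, and only the CERTIFICATE block is meant to be handed to clients. The script below is an added example, not part of the original post; it assumes vsftpd.pem holds the private key and the certificate in one file, and its function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: separate the shareable certificate from a combined PEM file.

# List the label of every PEM block in a file, one per line
# (CR is stripped so files edited on Windows still parse).
pem_labels() {
    tr -d '\r' < "$1" | sed -n 's/^-----BEGIN \(.*\)-----$/\1/p'
}

# Exit 0 if the file holds any private key block: PRIVATE KEY,
# RSA/EC/DSA PRIVATE KEY or ENCRYPTED PRIVATE KEY.
pem_has_private_key() {
    pem_labels "$1" | grep -q 'PRIVATE KEY$'
}

# Print only the CERTIFICATE blocks; every other block is dropped.
pem_certs_only() {
    tr -d '\r' < "$1" | awk '
        /^-----BEGIN CERTIFICATE-----$/ { keep = 1 }
        keep                            { print }
        /^-----END CERTIFICATE-----$/   { keep = 0 }'
}

# Write the client copy; remove it and fail if it came out empty or
# still contains key material.
export_public_cert() {
    src=$1
    dst=$2
    pem_certs_only "$src" > "$dst"
    if [ ! -s "$dst" ] || pem_has_private_key "$dst"; then
        rm -f "$dst"
        return 1
    fi
}

# Constructed stand-in for a combined vsftpd.pem; the bodies are
# placeholders, not real key or certificate data.
make_sample_pem() {
    cat > "$1" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
CONSTRUCTEDKEYBODY0000
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
CONSTRUCTEDCERTBODY000
-----END CERTIFICATE-----
EOF
}

# Usage: sh split_pem.sh vsftpd.pem vsftpd.crt
if [ $# -eq 2 ]; then export_public_cert "$1" "$2"; fi
```

If pem_has_private_key succeeds on a file that has already been sent out, the key in it should be treated as disclosed and the server key and certificate regenerated. The resulting .crt can be inspected with the certtool --certificate-info --infile command from the manual page on this page.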
LEARN ABOUT SUSE
certtool
certtool(1) General Commands Manual certtool(1)
NAME
certtool - Manipulate certificates and keys.
SYNOPSIS
certtool [options]
DESCRIPTION
Generate X.509 certificates, certificate requests, and private keys.
OPTIONS
Program control options
-d, --debug LEVEL
Specify the debug level. Default is 1.
-h, --help
Shows this help text
-v, --version
Shows the program's version
Getting information on X.509 certificates
-i, --certificate-info
Print information on a certificate.
-k, --key-info
Print information on a private key.
-l, --crl-info
Print information on a CRL.
--p12-info
Print information on a PKCS #12 structure.
Getting information on OpenPGP certificates
--pgp-certificate-info
Print information on an OpenPGP certificate.
--pgp-key-info
Print information on an OpenPGP private key.
--pgp-ring-info
Print information on a keyring.
Generating/verifying X.509 certificates/keys
-c, --generate-certificate
Generate a signed certificate.
-e, --verify-chain
Verify a PEM encoded certificate chain. The last certificate in the chain must be a self signed one.
--generate-dh-params
Generate PKCS #3 encoded Diffie-Hellman parameters.
--load-ca-certificate FILE
Certificate authority's certificate file to use.
--load-ca-privkey FILE
Certificate authority's private key file to use.
--load-certificate FILE
Certificate file to use.
--load-privkey FILE
Private key file to use.
--load-request FILE
Certificate request file to use.
-p, --generate-privkey
Generate a private key.
-q, --generate-request
Generate a PKCS #10 certificate request.
-s, --generate-self-signed
Generate a self-signed certificate.
-u, --update-certificate
Update a signed certificate.
Controlling output
-8, --pkcs8
Use PKCS #8 format for private keys.
--dsa
Generate a DSA key.
--bits BITS
Specify the number of bits for key generation.
--export-ciphers
Use weak encryption algorithms.
--inraw
Use RAW/DER format for input certificates and private keys.
--infile FILE
Input file.
--outraw
Use RAW/DER format for output certificates and private keys.
--outfile FILE
Output file.
--password PASSWORD
Password to use.
--to-p12
Generate a PKCS #12 structure.
--template
Use a template file to read input. See the doc/certtool.cfg in the distribution, for an example.
--fix-key
Some previous versions of certtool wrongly generated the optional parameters in a private key. This may affect programs that used them. To fix an old private key use --key-info in combination with this parameter.
--v1
When generating a certificate use the X.509 version 1 format. This does not add any extensions (such as indication for a CA) but some programs do need these.
EXAMPLES
To create a private key, run:
$ certtool --generate-privkey --outfile key.pem
To create a certificate request (needed when the certificate is issued by another party), run:
$ certtool --generate-request --load-privkey key.pem \
    --outfile request.pem
To generate a certificate using the previous request, use the command:
$ certtool --generate-certificate --load-request request.pem \
    --outfile cert.pem --load-ca-certificate ca-cert.pem \
    --load-ca-privkey ca-key.pem
To generate a certificate using the private key only, use the command:
$ certtool --generate-certificate --load-privkey key.pem \
    --outfile cert.pem --load-ca-certificate ca-cert.pem \
    --load-ca-privkey ca-key.pem
To view the certificate information, use:
$ certtool --certificate-info --infile cert.pem
To generate a PKCS #12 structure using the previous key and certificate, use the command:
$ certtool --load-certificate cert.pem --load-privkey key.pem \
    --to-p12 --outder --outfile key.p12
AUTHOR
Nikos Mavroyanopoulos <nmav@gnutls.org> and others; see /usr/share/doc/gnutls-bin/AUTHORS for a complete list.
This manual page was written by Ivo Timmermans <ivo@debian.org>, for the Debian GNU/Linux system (but may be used by others).
May 23rd 2005 certtool(1)