Adding TLS support to pure-ftpd on FreeBSD

Log of adding TLS support to pure-ftpd on FreeBSD:

>>>>=================  Make directory for certificate

edp# mkdir -p /etc/ssl/private

>>>>=================  Make certificate

edp# openssl req -x509 -nodes -newkey rsa:1024 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

Generating a 1024 bit RSA private key
writing new private key to '/etc/ssl/private/pure-ftpd.pem'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:Sumsel
Locality Name (eg, city) []:Palembang
Organization Name (eg, company) [Internet Widgits Pty Ltd]:PalComTech
Organizational Unit Name (eg, section) []:STMIK/POLTEK PalComTech
Common Name (eg, YOUR name) []:PalComTech
Email Address []

>>>>=================  chmod 600 certificate

edp# chmod 600 /etc/ssl/private/*.pem

>>>>=================  Restart  FTP Server

edp# /usr/local/etc/rc.d/pure-ftpd restart


Running: /usr/local/sbin/pure-ftpd -A -c50 -B -C8 -D -fftp -H -I15 -L2000:8 -m4 -s -U133:022 -u100 -k99 -Z -Y2

Y2 => TLS level 2

Testing from an FTP client:

20---------- Welcome to Pure-FTPd [TLS] ----------
TLSv1, cipher TLSv1/SSLv3 (AES256-SHA) - 256 bit
USER palcom 
331 User palcom OK. Password required 
PASS ********** 
230-User palcom has group access to:  palcom   
230 OK. Current restricted directory is / 

Good 🙂
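
A check to run after the steps above, as an added example that is not part of the original log: it confirms the PEM is not readable by group or other and that the certificate's RSA key meets a minimum size. The 2048-bit floor (MIN_BITS) and all function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the PEM file that pure-ftpd loads for TLS.
# MIN_BITS and every function name here are assumptions, not pure-ftpd settings.
MIN_BITS=2048

# Print the file's permission bits in octal (GNU stat first, then BSD stat).
pem_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed only if group and other have no access at all (e.g. 600 or 400).
pem_mode_ok() {
    case "$(pem_mode "$1")" in
        [0-7]00) return 0 ;;
        *)       return 1 ;;
    esac
}

# Read `openssl x509 -noout -text` output on stdin and print the key size.
# Handles both "Public-Key: (N bit)" and the older "RSA Public Key: (N bit)".
key_bits() {
    sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Succeed only if the given size is present and at least MIN_BITS.
bits_ok() {
    [ -n "$1" ] && [ "$1" -ge "$MIN_BITS" ]
}

# Run both checks against one PEM file; return non-zero if either fails.
audit_pem() {
    pem=$1
    rc=0
    pem_mode_ok "$pem" || { echo "FAIL: $pem is accessible to group/other"; rc=1; }
    bits=$(openssl x509 -in "$pem" -noout -text 2>/dev/null | key_bits)
    bits_ok "$bits" || { echo "FAIL: key is ${bits:-unknown} bits, want >= $MIN_BITS"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $pem"
    return "$rc"
}

# Only audit when a path is given, e.g. /etc/ssl/private/pure-ftpd.pem
if [ "$#" -gt 0 ]; then
    audit_pem "$1"
fi
```

Saved under a name of your choice and run with /etc/ssl/private/pure-ftpd.pem as its argument, it passes the mode check after the chmod 600 step and reports the 1024-bit key generated above as below the floor.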