建立ssl+ftp连接
-
创建根证书
[root@repo CA]# touch index.txt
[root@repo CA]# echo 01 > serial
[root@repo ~]# (umask 077;openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
[root@repo ~]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -days 3650 -out /etc/pki/CA/cacert.pem
-
创建ftp服务器证书
[root@repo private]# mkdir -pv /etc/vsftpd/ssl/
[root@repo private]# (umask 077;openssl genrsa -out /etc/vsftpd/ssl/vsftpd_key.pem 2048)
[root@repo private]# openssl req -new -key /etc/vsftpd/ssl/vsftpd_key.pem -days 365 -out /etc/pki/CA/certs/vsftpd_cert.csr
[root@repo private]# openssl ca -in /etc/pki/CA/certs/vsftpd_cert.csr -out /etc/vsftpd/ssl/vsftpd_cert.pem
-
编辑vsftp配置文件(建议不要启用)
[root@repo ~]# vim /etc/vsftpd/vsftpd.conf
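# Enable TLS for the FTP control and data connections.
ssl_enable=YES
# NOTE(review): TLS 1.0 is deprecated. If the installed vsftpd build offers
# options for newer TLS versions, prefer those - confirm in its vsftpd.conf man page.
ssl_tlsv1=YES
# SSLv2 and SSLv3 are broken protocols (SSLv3 is affected by POODLE), so both
# stay disabled; clients must negotiate TLS.
ssl_sslv2=NO
ssl_sslv3=NO
# Anonymous users are not allowed to use TLS sessions.
allow_anon_ssl=NO
# Require TLS for local users' logins and data transfers, so passwords and
# file contents are never sent in cleartext.
force_local_data_ssl=YES
force_local_logins_ssl=YES
# Server certificate issued by the CA above, and its private key
# (the key was created under umask 077; keep it readable by root only).
rsa_cert_file=/etc/vsftpd/ssl/vsftpd_cert.pem
rsa_private_key_file=/etc/vsftpd/ssl/vsftpd_key.pem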
-
测试登陆