Edit the configuration file:
[root@mail ~]# vi /etc/vsftpd/vsftpd.conf
Add the following lines:
ssl_enable=YES
ssl_sslv2=YES
ssl_tlsv1=YES
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
Create a certificate valid for 20 years with openssl:
[root@mail ~]# mkdir -p /etc/ssl/certs/
[root@mail ~]# touch /etc/ssl/certs/vsftpd.pem
[root@mail ~]# openssl req -new -x509 -days 7300 -nodes -out /etc/ssl/certs/vsftpd.pem -keyout /etc/ssl/certs/vsftpd.pem
Answer the certificate prompts in order:
Generating a 1024 bit RSA private key
....................................................++++++
.....................................................++++++
writing new private key to '/etc/ssl/certs/vsftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:TW
State or Province Name (full name) [Berkshire]:Taiwan
Locality Name (eg, city) [Newbury]:Taipei
Organization Name (eg, company) [My Company Ltd]:MyCompany
Organizational Unit Name (eg, section) []:ITD
Common Name (eg, your name or your server's hostname) []:mail
Email Address []:admin@server.com
Finally, restart vsftpd and you are done:
[root@mail ~]# service vsftpd restart
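As an added example (not part of the original post), the shell function below audits a vsftpd.conf for the TLS settings configured above: it flags ssl_sslv2 or ssl_sslv3 set to YES, forced-TLS options switched off, and a world-readable PEM file that also holds the private key, which can happen when the file is created with touch before openssl writes the key into it. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the TLS lines of a vsftpd.conf (not the post's own code).
# Prints one finding per line, nothing when no issue is found.

# Print the last value assigned to KEY (vsftpd syntax: key=value, no spaces).
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

audit_vsftpd_tls() {
    conf=$1
    if [ "$(conf_get "$conf" ssl_enable)" != "YES" ]; then
        echo "ssl_enable is not YES: TLS is disabled"
    fi
    # SSLv2 and SSLv3 are obsolete protocols; both options default to NO.
    for opt in ssl_sslv2 ssl_sslv3; do
        if [ "$(conf_get "$conf" "$opt")" = "YES" ]; then
            echo "$opt=YES: obsolete protocol enabled, set it to NO"
        fi
    done
    # Both options default to YES; an explicit NO permits clear-text sessions.
    for opt in force_local_logins_ssl force_local_data_ssl; do
        if [ "$(conf_get "$conf" "$opt")" = "NO" ]; then
            echo "$opt=NO: local users may skip TLS"
        fi
    done
    # Without rsa_private_key_file the private key is read from rsa_cert_file,
    # so that file must not be readable by other users.
    pem=$(conf_get "$conf" rsa_cert_file)
    key=$(conf_get "$conf" rsa_private_key_file)
    if [ -z "$key" ] && [ -n "$pem" ] && [ -f "$pem" ]; then
        if [ -n "$(find "$pem" -perm -004)" ]; then
            echo "$pem: holds the private key but is world-readable, chmod 600"
        fi
    fi
    return 0
}

# Constructed sample: the TLS lines from the post, written to a temp file.
demo=$(mktemp)
printf 'ssl_enable=YES\nssl_sslv2=YES\nssl_tlsv1=YES\n' > "$demo"
audit_vsftpd_tls "$demo"
rm -f "$demo"
```

On a real server, run it as `audit_vsftpd_tls /etc/vsftpd/vsftpd.conf` after sourcing the function definitions.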