[BlueOnyx:05775] Re: http://bugs.proftpd.org/show_bug.cgi?id=3521

Tobias Gablunsky t.gablunsky at cbxnet.de
Thu Nov 11 11:11:31 -05 2010 

I can only get FTPS work on the main server ip address, not on the
site's ip addresses - is there a special trick to enable it for all
sites?
I am using exactly Michaels configuration.

[tga at DTGA]~% telnet SERVER 21             
Trying 1.2.3.4...
Connected to SERVER.
Escape character is '^]'.
220 ProFTPD 1.3.2 Server (ProFTPD) [1.2.3.4]
feat
211-Features:
 MDTM
 MFMT
 AUTH TLS
 MFF modify;UNIX.group;UNIX.mode;
 MLST
modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
 PBSZ
 PROT
 REST STREAM
 SIZE
211 End

[tga at DTGA]~% telnet SITE 21
Trying 1.2.3.5...
Connected to SITE.
Escape character is '^]'.
220 ProFTPD 1.3.2 Server (ProFTPD) [1.2.3.5]
feat
211-Features:
 MDTM
 MFMT
 MFF modify;UNIX.group;UNIX.mode;
 MLST
modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
 REST STREAM
 SIZE
211 End


Regards,

Tobias Gablunsky

> -----Original Message-----
> From: blueonyx-bounces at blueonyx.it 
> [mailto:blueonyx-bounces at blueonyx.it] On Behalf Of Michael Stauber
> Sent: Thursday, November 11, 2010 2:37 PM
> To: BlueOnyx General Mailing List
> Subject: [BlueOnyx:05774] Re: 
> http://bugs.proftpd.org/show_bug.cgi?id=3521
> 
> Hi Chris,
> 
> > This looks pretty good.  I think the idea of FTP over SSL 
> is great.   Is 
> > a separate SSL certificate required, or is the "default" BX 
> cert used?
> 
> It uses the same automatically created certificate that Dovecot uses.
> 
> See /etc/proftpd.conf:
> 
> # TLS
> <IfModule mod_tls.c>
>    TLSEngine on
>    TLSLog /var/log/proftpd/tls.log
>    TLSRequired off
>    TLSRSACertificateFile /etc/pki/dovecot/certs/dovecot.pem
>    TLSRSACertificateKeyFile /etc/pki/dovecot/private/dovecot.pem
>    TLSVerifyClient off
>    TLSOptions NoCertRequest
>    TLSRenegotiate required off
> </IfModule>
> 
> Of course the drawback is that anyone using FTP over SSL will get a 
> certificate warning, saying that this certificate is self signed. 
> 
> -- 
> With best regards
> 
> Michael Stauber
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at blueonyx.it
> http://www.blueonyx.it/mailman/listinfo/blueonyx
> 
>

More information about the Blueonyx mailing list