
Date: 2018jun20
OS: Linux
Distro: RedHat/Fedora/CentOS
Keywords: SSL

Q.  Proftpd TLS on RedHat/Fedora/CentOS

A.  This worked for me.

First, get ProFTPD going without TLS.
Connect from another computer and make sure you have the main FTP port (21)
and your passive ports open in the firewall.

Comment out some lines in /etc/proftpd.conf
Originally

<IfDefine TLS>
  TLSEngine on
  TLSRequired on
  TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
  TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem
  TLSCipherSuite ALL:!ADH:!DES
  TLSOptions NoCertRequest
  TLSVerifyClient off
  #TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
  TLSLog /var/log/proftpd/tls.log
  <IfModule mod_tls_shmcache.c>
    TLSSessionCache shm:/file=/var/run/proftpd/sesscache
  </IfModule>
</IfDefine>

Change to

# <IfDefine TLS>
  TLSEngine on
  TLSRequired on
  TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
  TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem
  TLSCipherSuite ALL:!ADH:!DES
  TLSOptions NoCertRequest
  TLSVerifyClient off
  #TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
  TLSLog /var/log/proftpd/tls.log
#  <IfModule mod_tls_shmcache.c>
#    TLSSessionCache shm:/file=/var/run/proftpd/sesscache
#  </IfModule>
# </IfDefine>

Make the .pem files
openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/pki/tls/certs/proftpd.pem -out /etc/pki/tls/certs/proftpd.pem
Restart
systemctl restart proftpd
Test with FileZilla
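
An added example, not part of the original tip: a shell check that reads a proftpd.conf and reports which of the TLS settings shown above are active and worth reviewing. The function names, the choice of checks and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original tip: list TLS settings worth reviewing
# that are active (uncommented) in a proftpd.conf. Check selection is an assumption.

# Print the value of the last uncommented occurrence of directive $2 in file $1.
active_value() {
    awk -v d="$2" '
        /^[ \t]*#/ { next }
        $1 == d { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
        END { print v }' "$1"
}

warn() { echo "WARN: $*"; findings=$((findings + 1)); }

# Print one WARN line per finding; exit status is 0 only when there are none.
audit_proftpd_tls() {
    conf=$1; findings=0
    [ "$(active_value "$conf" TLSEngine)" = "on" ] || warn "TLSEngine is not on"
    [ "$(active_value "$conf" TLSRequired)" = "on" ] ||
        warn "TLSRequired is not 'on': check which channels may run without TLS"
    # A live <IfDefine TLS> wrapper applies the block only when TLS is defined.
    if grep -Eq '^[[:space:]]*<IfDefine[[:space:]]+TLS>' "$conf"; then
        warn "<IfDefine TLS> is active: block is skipped unless started with -DTLS"
    fi
    case "$(active_value "$conf" TLSCipherSuite)" in
        ALL*) warn "TLSCipherSuite is built from ALL: review which legacy ciphers remain" ;;
    esac
    [ -n "$(active_value "$conf" TLSProtocol)" ] ||
        warn "no TLSProtocol line: protocol versions are left to the build default"
    key=$(active_value "$conf" TLSRSACertificateKeyFile)
    if [ -n "$key" ] && [ "$key" = "$(active_value "$conf" TLSRSACertificateFile)" ]; then
        warn "private key shares $key with the certificate: restrict it to mode 0600"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: the edited TLS block from this page, written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# <IfDefine TLS>
TLSEngine on
TLSRequired on
TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem
TLSCipherSuite ALL:!ADH:!DES
# </IfDefine>
EOF
audit_proftpd_tls "$sample" || echo "review the WARN lines above"
rm -f "$sample"
```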