
Using FTPS with Plesk 11.5 and Atomic ProFTPd packages

Posted: Fri Dec 20, 2013 12:47 am
by jas8522
It appears that the Atomic ProFTPd packages don't set up a default certificate to use with FTPS when installed. The /etc/proftpd.include file has directives for enabling SSL, but doesn't specify a cert file, and thus users can't connect securely. This results in the following error in /var/log/messages:
server proftpd[{PID}]: {SERVER_IP} ({CLIENT_IP}) - mod_tls/2.4.3: no TLSRSACertificateFile, TLSDSACertificateFile, or TLSPKCS12File configured; unable to handle SSL/TLS connections
Is it possible for the RPM installation to detect Plesk and add their certificates to the file? e.g.:

Code:

    # Server's certificate
    TLSRSACertificateFile /usr/local/psa/admin/conf/httpsd.pem
    TLSRSACertificateKeyFile /usr/local/psa/admin/conf/httpsd.pem

Alternatively, perhaps it could auto-generate a self-signed certificate and apply that?

Re: Using FTPS with Plesk 11.5 and Atomic ProFTPd packages

Posted: Fri Dec 20, 2013 9:30 am
by scott
Actually we're managing that in ASL by way of an include for /etc/proftp-tls.conf:

Code:

# TLS/SSL                 
<IfModule mod_tls.c>
    TLSEngine on              
    TLSLog /var/log/tls.log       
    TLSProtocol TLSv1 SSLv3

    # Are clients required to use FTP over TLS?
    TLSRequired off                

    # Server's certificate
    TLSRSACertificateFile /usr/local/psa/admin/conf/httpsd.pem
    TLSRSACertificateKeyFile /usr/local/psa/admin/conf/httpsd.pem

    # example if you are using your own certs
    # TLSRSACertificateFile /etc/ssl/certs/proftpd.cert.pem
    # TLSRSACertificateKeyFile /etc/ssl/certs/proftpd.key.pem 

    # Authenticate clients that want to use FTP over TLS?          
    TLSVerifyClient off

    # Allow SSL/TLS renegotiations when the client requests them, but
    # do not force the renegotiations.  Some clients do not support
    # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
    # clients will close the data connection, or there will be a timeout
    # on an idle data connection.
    TLSRenegotiate required off 
</IfModule>
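
A way to check a server for the condition described in this thread before clients hit the mod_tls error, as an added example that is not part of the original posts or of the Atomic/ASL packages: a small auditor that reads a ProFTPD TLS include and reports a missing certificate directive, SSLv3 in TLSProtocol, and TLSRequired off. The function names and both sample configurations are constructed for illustration; the certificate path is the one quoted above.

```python
# Added example: audit the TLS* directives of a ProFTPD include file.
# Directive names are matched case-insensitively; comments are ignored.

# Any one of these gives mod_tls a server certificate (per the log error above).
CERT_DIRECTIVES = {"tlsrsacertificatefile", "tlsdsacertificatefile", "tlspkcs12file"}

# Constructed sample: TLS enabled, certificate lines only present as comments.
NO_CERT = """\
<IfModule mod_tls.c>
    TLSEngine on
    TLSRequired off
    # TLSRSACertificateFile /etc/ssl/certs/proftpd.cert.pem
</IfModule>
"""

# Constructed sample: same shape as the include posted in this thread.
WITH_CERT = """\
<IfModule mod_tls.c>
    TLSEngine on
    TLSProtocol TLSv1 SSLv3
    TLSRequired off
    TLSRSACertificateFile /usr/local/psa/admin/conf/httpsd.pem
    TLSRSACertificateKeyFile /usr/local/psa/admin/conf/httpsd.pem
</IfModule>
"""

def parse_tls_directives(text):
    """Return {lowercased directive: [args]} for active TLS* lines."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line or line.startswith("<"):     # skip blanks and <IfModule> tags
            continue
        name, *args = line.split()
        if name.lower().startswith("tls"):
            directives[name.lower()] = args
    return directives

def audit(text):
    """Return a list of findings for one TLS configuration."""
    d = parse_tls_directives(text)
    if (d.get("tlsengine") or ["off"])[0].lower() != "on":
        return ["TLSEngine is not on: FTPS is disabled"]
    findings = []
    if not CERT_DIRECTIVES & d.keys():
        findings.append("no certificate directive: mod_tls cannot handle SSL/TLS")
    if any(p.lower() == "sslv3" for p in d.get("tlsprotocol", [])):
        findings.append("TLSProtocol allows SSLv3 (deprecated by RFC 7568)")
    if (d.get("tlsrequired") or ["off"])[0].lower() == "off":
        findings.append("TLSRequired off: plaintext FTP sessions are still accepted")
    return findings
```

Calling `audit()` on the text of the real include file returns an empty list only when TLS is on, a certificate is configured, SSLv3 is not listed and TLS is required.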

Re: Using FTPS with Plesk 11.5 and Atomic ProFTPd packages

Posted: Sun Dec 22, 2013 12:47 am
by jas8522
Thanks Scott! I guess we'll just apply that manually to each server.