Using FTPS with Plesk 11.5 and Atomic ProFTPd packages

General Discussion of atomic repo and development projects.

Ask for help here with anything else not covered by other forums.
Post Reply
jas8522
Forum User
Forum User
Posts: 52
Joined: Mon Jan 09, 2006 4:02 pm

Using FTPS with Plesk 11.5 and Atomic ProFTPd packages

Unread post by jas8522 »

It appears that the Atomic ProFTPd packages don't set up a default certificate to use with FTPS when installed. The /etc/proftpd.include file has directives for enabling SSL, but don't specify a cert file and thus users can't connect securely. This results in the following error in /var/log/messages:
server proftpd[{PID}]: {SERVER_IP} ({CLIENT_IP}) - mod_tls/2.4.3: no TLSRSACertificateFile, TLSDSACertificateFile, or TLSPKCS12File configured; unable to handle SSL/TLS connections
Is it possible for the RPM installation to detect Plesk and add their certificates to the file? e.g.:

Code: Select all

  # Server's certificate
   TLSRSACertificateFile /usr/local/psa/admin/conf/httpsd.pem
   TLSRSACertificateKeyFile /usr/local/psa/admin/conf/httpsd.pem
Alternatively perhaps it could auto generate a self signed certificate and apply that?
Top
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:
Contact scott

Re: Using FTPS with Plesk 11.5 and Atomic ProFTPd packages

Unread post by scott »

Actually we're managing that in ASL by way of an include for /etc/proftp-tls.conf

Code: Select all

# TLS/SSL                 
<IfModule mod_tls.c>
    TLSEngine on              
    TLSLog /var/log/tls.log       
    TLSProtocol TLSv1 SSLv3

    # Are clients required to use FTP over TLS?
    TLSRequired off                

    # Server's certificate
    TLSRSACertificateFile /usr/local/psa/admin/conf/httpsd.pem
    TLSRSACertificateKeyFile /usr/local/psa/admin/conf/httpsd.pem

    # example if you are using your own certs
    # TLSRSACertificateFile /etc/ssl/certs/proftpd.cert.pem
    # TLSRSACertificateKeyFile /etc/ssl/certs/proftpd.key.pem 

    # Authenticate clients that want to use FTP over TLS?          
    TLSVerifyClient off

    # Allow SSL/TLS renegotiations when the client requests them, but
    # do not force the renegotations.  Some clients do not support
    # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
    # clients will close the data connection, or there will be a timeout
    # on an idle data connection.
    TLSRenegotiate required off 
</IfModule>
Top
jas8522
Forum User
Forum User
Posts: 52
Joined: Mon Jan 09, 2006 4:02 pm

Re: Using FTPS with Plesk 11.5 and Atomic ProFTPd packages

Unread post by jas8522 »

Thanks Scott! I guess we'll just apply that manually to each server.
Top
Post Reply

Return to “General Help and Development Discussion”