VSFTPD – Configure Implicit SSL on Debian

debian ftp ssl vsftpd

I have a Debian Dedicated server and I want to enable Implicit SSL on it using VSFTPD and I am having a hard time.

I have read online and the only thing I can really find is how to enable SSL, and in the man pages it lists one implicit SSL command. But since implicit SSL uses a second listener (990 by default), I have no idea how to make it work on Debian.

Has anyone managed to get this working?

Here is my config:

listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
connect_from_port_20=YES
pam_service_name=vsftpd
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/ssl/certs/vsftpd.pem

If I include Implicit_SSL=YES, the server won't even start.

Thanks

Best Answer

Clearly you'll need to set implicit_ssl=YES in the config file to get anywhere.

But when you do, you can't start the server, of course. So the first thing to do is look at the server's logs, in /var/log/vsftpd.log (or, possibly, the messages went to /var/log/user.log or /var/log/messages, but that's unlikely).

Without seeing that, I can't possibly tell you what the problem actually is, but as a wild guess, I'd say there's a decent chance it's failing to find its server SSL certificate. Other possible contenders for the problem include permission problems, SELinux failures (if you have that enabled), or vsftpd just plain not liking the set of configuration options you gave it - it can be very picky that way, so as to keep you from accidentally leaving it configured in an insecure state. Or there's no lack of other possibilities - that's why you need the logs.
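A pre-flight check for the failure causes discussed above (rejected options, a certificate that cannot be read, an implicit-SSL listener left on the default port), as an added example that is not part of the original question or answer. It assumes vsftpd matches option names exactly as spelled in vsftpd.conf(5), knows only the options that appear on this page plus `listen_port` and `rsa_private_key_file`, and `check_vsftpd_conf` is a hypothetical helper name.

```python
import os

# Boolean options from vsftpd.conf(5) used on this page (not the full list).
BOOLS = {"listen", "anonymous_enable", "local_enable", "write_enable",
         "connect_from_port_20", "ssl_enable", "implicit_ssl", "allow_anon_ssl",
         "force_local_data_ssl", "force_local_logins_ssl",
         "ssl_tlsv1", "ssl_sslv2", "ssl_sslv3"}
OTHERS = {"local_umask", "pam_service_name", "listen_port",
          "rsa_cert_file", "rsa_private_key_file"}
KNOWN = BOOLS | OTHERS
TRUE, FALSE = {"YES", "TRUE", "1"}, {"NO", "FALSE", "0"}

def check_vsftpd_conf(text):
    """Return a list of human-readable findings for a vsftpd.conf body."""
    findings, conf = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue
        key, sep, val = raw.partition("=")
        if not sep:
            findings.append(f"line {n}: no '=' found")
            continue
        # The man page calls any space between option, '=' and value an error.
        if key.endswith((" ", "\t")) or val.startswith((" ", "\t")):
            findings.append(f"line {n}: whitespace around '=' is an error")
        key, val = key.strip(), val.strip()
        # Assumption: names are case-sensitive, so Implicit_SSL is unrecognised.
        if key not in KNOWN and key.lower() in KNOWN:
            findings.append(f"line {n}: '{key}' should be '{key.lower()}'")
            continue
        if key in BOOLS and val.upper() not in TRUE | FALSE:
            findings.append(f"line {n}: bad boolean value for {key}")
        conf[key] = val
    on = lambda k: conf.get(k, "NO").upper() in TRUE
    if on("implicit_ssl"):
        if not on("ssl_enable"):
            findings.append("implicit_ssl=YES needs ssl_enable=YES")
        if "listen_port" not in conf:
            findings.append("implicit_ssl=YES but listen_port unset (default 21, not 990)")
    # Path checks run as the current user, so run this as the vsftpd start user.
    for k in ("rsa_cert_file", "rsa_private_key_file"):
        path = conf.get(k)
        if path and not (os.path.isfile(path) and os.access(path, os.R_OK)):
            findings.append(f"{k}: {path} missing or not readable by this user")
    return findings
```

Feed it the contents of the vsftpd configuration file; an empty list means none of these checks fired, and the log files named in the answer remain the authority on why the daemon refused to start.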
