SSL – vsftpd does not give a valid certificate using CA cert

Tags: ftp, ssl, ssl-certificate, tls, vsftpd

When setting up vsftpd we have problems with it not providing a trusted connection using a basic pem certificate container holding just our private key and certificate.

We created our pem file with the following commands.

cat somecert.com.crt >> somepem.pem
cat somecertkey.com.key >> somepem.pem

SSL Certificate config vsftpd.conf

/etc/vsftpd/vsftpd.conf
ssl_enable=YES
ssl_tlsv1=YES
rsa_cert_file=/etc/httpd/ssl/somepem.pem

When connecting using lftp in debug mode, I saw that we were giving a certificate without enough info to establish the full chain of authority needed for it to be trusted.

lftp -d -u user:pass myserver.com
....
ERROR: Certificate verification: Not trusted
**** Certificate verification: Not trusted
---- Closing control socket

Best Answer

I need to get the full chain of authority and add it to the pem certificate container. Thanks to StackExchange, there are some nice solutions to this problem.

# -showcerts makes s_client print the intermediate certificates too, not just the server's own certificate
echo connect | openssl s_client -showcerts -connect myserver.com:443 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > cert.pem

From that we can now update the certificate we created to include the full chain of authority.

We need to update the config of the vsftpd

vim /etc/vsftpd/vsftpd.conf
ssl_enable=YES
ssl_tlsv1=YES
rsa_private_key_file=/etc/httpd/ssl/somepem.pem
rsa_cert_file=/etc/vsftpd/ssl/cert.pem

Test using lftp

lftp -d -u user:pass myserver.com

Certificate: C=US,ST=Arizona,L=Scottsdale,O=Starfield Technologies\, Inc.,OU=http://certificates.starfieldtech.com/repository,CN=Starfield Secure Certification Authority,serialNumber=10688435
Issued by: C=US,O=Starfield Technologies\, Inc.,OU=Starfield Class 2 Certification Authority
Checking against: C=US,O=Starfield Technologies\, Inc.,OU=Starfield Class 2 Certification Authority
Trusted
Certificate: C=US,O=Starfield Technologies\, Inc.,OU=Starfield Class 2 Certification Authority
Issued by: C=US,O=Starfield Technologies\, Inc.,OU=Starfield Class 2 Certification Authority
Trusted

It is important to pack the pem file in the correct order. See: how-do-i-make-my-own-bundle-file-from-crt-files

Creating a .pem with the Entire SSL Certificate Trust Chain

Log into your DigiCert Management Console and download your Intermediate (DigiCertCA.crt), Root (TrustedRoot.crt), and Primary Certificates (your_domain_name.crt). Open a text editor (such as wordpad) and paste the entire body of each certificate into one text file in the following order:

  1. The Primary Certificate - your_domain_name.crt
  2. The Intermediate Certificate - DigiCertCA.crt
  3. The Root Certificate - TrustedRoot.crt

Make sure to include the beginning and end tags on each certificate. The result should look like this:

-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: DigiCertCA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----

Save the combined file as your_domain_name.pem. The .pem file is now ready to use.
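The procedure from the answer above (bundle the leaf, the intermediate and the root in that order, then check the bundle before pointing vsftpd at it), as an added example that is not part of the original post. It assumes only the openssl command-line tool. The root/intermediate/leaf chain it generates, the file names under $WORK and the hostname ftp.example.com are made up so that the checks run offline; with a real certificate you would use the CA-issued .crt and .key files instead. fetch_chain is the answer's s_client trick with -showcerts added, since without it s_client prints only the server certificate.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes only the openssl CLI.
# A throwaway root -> intermediate -> leaf chain is generated so the checks
# run offline; with a real certificate, use the CA-issued .crt and .key files
# in place of the generated ones. ftp.example.com is a made-up hostname.
set -e

WORK=${WORK:-$(mktemp -d)}

# Generate a test root CA, an intermediate CA signed by it, and a server
# (leaf) certificate signed by the intermediate.
make_chain() {
    cat > "$WORK/ca.ext" <<'EOF'
basicConstraints=critical,CA:TRUE
keyUsage=critical,keyCertSign,cRLSign
EOF
    cat > "$WORK/leaf.ext" <<'EOF'
basicConstraints=CA:FALSE
extendedKeyUsage=serverAuth
subjectAltName=DNS:ftp.example.com
EOF
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Test Root CA" \
        -keyout "$WORK/root.key" -out "$WORK/root.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/root.csr" -signkey "$WORK/root.key" -days 365 \
        -extfile "$WORK/ca.ext" -out "$WORK/root.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Test Intermediate CA" \
        -keyout "$WORK/inter.key" -out "$WORK/inter.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/inter.csr" -CA "$WORK/root.crt" -CAkey "$WORK/root.key" \
        -CAcreateserial -days 365 -extfile "$WORK/ca.ext" -out "$WORK/inter.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=ftp.example.com" \
        -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/inter.crt" -CAkey "$WORK/inter.key" \
        -CAcreateserial -days 365 -extfile "$WORK/leaf.ext" -out "$WORK/leaf.crt" 2>/dev/null
}

# Assemble the bundle in the order the answer gives: leaf, intermediate, root.
# wrong.pem is the same material reversed, to show what check_order catches.
build_bundle() {
    cat "$WORK/leaf.crt" "$WORK/inter.crt" "$WORK/root.crt" > "$WORK/bundle.pem"
    cat "$WORK/root.crt" "$WORK/inter.crt" "$WORK/leaf.crt" > "$WORK/wrong.pem"
}

# Return 0 when each certificate in the bundle is issued by the one that
# follows it, i.e. the file really is ordered leaf -> intermediate -> root.
check_order() {
    bundle=$1
    dir=$(mktemp -d)
    # split the bundle into c1.pem, c2.pem, ... in file order
    awk -v dir="$dir" '/-----BEGIN CERTIFICATE-----/{n++} n>0{print > (dir "/c" n ".pem")}' "$bundle"
    n=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$bundle")
    i=1
    while [ "$i" -lt "$n" ]; do
        issuer=$(openssl x509 -in "$dir/c$i.pem" -noout -issuer | sed 's/^issuer=//')
        subject=$(openssl x509 -in "$dir/c$((i + 1)).pem" -noout -subject | sed 's/^subject=//')
        if [ "$issuer" != "$subject" ]; then
            echo "order error: cert $i is issued by '$issuer' but cert $((i + 1)) is '$subject'" >&2
            rm -rf "$dir"
            return 1
        fi
        i=$((i + 1))
    done
    rm -rf "$dir"
    return 0
}

# Return 0 when the private key belongs to the certificate (same public key).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
    key_pub=$(openssl pkey -in "$2" -pubout)
    [ "$cert_pub" = "$key_pub" ]
}

# Verify the leaf the way a client does: root trusted, intermediate supplied.
verify_with_chain() {
    openssl verify -CAfile "$WORK/root.crt" -untrusted "$WORK/inter.crt" "$WORK/leaf.crt" >/dev/null 2>&1
}

# Same check with the intermediate missing: this is the "Not trusted" case.
verify_without_chain() {
    openssl verify -CAfile "$WORK/root.crt" "$WORK/leaf.crt" >/dev/null 2>&1
}

# Pull the chain a live server presents (needs network, so not run here).
# -showcerts is what makes s_client print the intermediates, not only the leaf.
fetch_chain() {
    openssl s_client -showcerts -connect "$1:443" </dev/null 2>/dev/null |
        sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
}

make_chain
build_bundle
check_order "$WORK/bundle.pem" && echo "bundle.pem: ordered leaf -> intermediate -> root"
check_order "$WORK/wrong.pem" 2>/dev/null || echo "wrong.pem: rejected, root must not come first"
key_matches_cert "$WORK/leaf.crt" "$WORK/leaf.key" && echo "leaf.key matches leaf.crt"
verify_with_chain && echo "verify with intermediate: OK"
verify_without_chain || echo "verify without intermediate: fails (the lftp Not trusted error)"
```

For vsftpd, point rsa_cert_file at bundle.pem and rsa_private_key_file at leaf.key; vsftpd reads rsa_cert_file as a chain, so the intermediate in it is what gets sent to clients. Clients already hold the root in their own trust store, so serving it is optional; the intermediate is the part that cannot be left out, which is exactly what the "Not trusted" error in the question was about.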