vsftp doesn't work with ssl_enable=yes

[kerrytec]

Hello,

I'm trying to get my vsftp server to run.
When ssl is disabled it works pretty fine, but after turning on I get the following error:

Code:

# /etc/init.d/vsftpd status
Checking for service vsftpd                                               unused
# /etc/init.d/vsftpd start
Starting vsftpd startproc:  exit status of parent of /usr/sbin/vsftpd: 1
                                                                          failed

here's my config (/etc/vsftpd.conf):

Code:

write_enable=YES
dirmessage_enable=YES
nopriv_user=ftpsecure
ftpd_banner="Welcome to ..."
local_enable=YES
chroot_local_user=YES
listen=YES
ssl_enable=YES
pasv_min_port=30000
pasv_max_port=30100

/var/log/messages and /var/log/warn don't say anything about vsftp and /var/log/rcvsftp is empty.

Has anybody an idea what the problem could be?
May the firewall/ports have sth to with it?

Thanks for help.

[erikro]

Hi,

you should tell your server where the cert file is. A line like this

Code:

rsa_cert_file=/etc/vsftpd/vsftpd.pem

is missing. For more information look here:

Configuring vsftpd for secure connections (TLS/SSL/SFTP - VPSLink Wiki)

hth

Erik

[kerrytec]

Hey,

Thanks for the advice. I'll give it a try when I'm back at home tomorrow.

regards

[kerrytec]

I've created a certificate as it is described in the guide but unfortunately it doesn't fix the problem.
I get the same error like before.
Any other ideas?

Thanks

[erikro]

Hi,

did you also add the missing line in the config file?

Bye

Erik

[kerrytec]

Hi Erik,

Yes I did. I've checked everything twice. Even I knew that it was senseless, I've generated the certificate a second time...

My vsftpd.conf looks like this now:

Code:

write_enable=YES
dirmessage_enable=YES
nopriv_user=ftpsecure
ftpd_banner="Welcome to ..."
local_enable=YES
chroot_local_user=YES
listen=YES
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
pasv_min_port=30000
pasv_max_port=30100

Thanks for your efforts!

[erikro]

Hi,

please type

Code:

vsftpd

and post the output here. Do it as root.

Bye

Erik

[erikro]

Hi again,

I was a bit confusing I think. I like you NOT to use the startscript but the command vsftpd itself. So you should type the command with another working dir than /etc/init.d to be sure to call the daemon itself since your start script seems to have also the name vsftpd.

Bye

Erik

[kerrytec]

Hi Erik,

when I try to execute vsftpd the following Error comes:

Code:

# vsftpd
500 OOPS: SSL: cannot load RSA certificate

When I googled this error I found plenty of sites, but none of these outline my problem.
So have you any idea whats the issue of this error?
Cannot figure out why he can't load it...

Thanks again for your help!

[erikro]

Hi,

could be a problem with the file permissions. Type:

Code:

ls -l /etc/vsftpd

and post the result here.

Bye

Erik