vsftpd-2.0.1-5

I am trying to get vsftpd to start with ssl_enabled=yes and not having much success. The config file works when ssl_enabled=No and does not work when ssl_enabled=Yes. I have tried setting the following:

rsa_cert_file=/usr/share/ssl/certs/inet06cert.pem

which is the public certificate and this:

rsa_cert_file=/usr/share/ssl/private/inet06key.pem

which is the server private key. Both these are in use by the apache web server as:

SSLCertificateFile /usr/share/ssl/certs/inet06cert.pem

and

SSLCertificateKeyFile /usr/share/ssl/private/inet06key.pem

respectively and I have no trouble using ssl with that service. As far as I can tell the certificates are in the right places and do the right things for apache but vsftpd chokes. Since vsftpd does not deign to log what is going on I cannot tell what it finds disagreeable about this setup. Does anyone have any idea what would prevent vsftpd from using a certificate that works with apache?

Regards,
Jim

--
*** e-mail is not a secure channel ***
mailto:byrnejb.<token>@harte-lyne.ca
James B. Byrne          Harte & Lyne Limited
vox: +1 905 561 1241    9 Brockley Drive
fax: +1 905 561 0757    Hamilton, Ontario
<token> = hal           Canada L8E 3C3
Maciej Zenczykowski
2005-Apr-28 21:08 UTC
[CentOS] vsftp 500 OOPS: SSL: cannot load RSA key
Are there any audits being logged in /var/log/messages with SELinux security errors?

Cheers,
MaZe.

On Thu, 28 Apr 2005, James B. Byrne wrote:

> vsftpd-2.0.1-5
>
> I am trying to get vsftpd to start with ssl_enabled=yes and not
> having much success. The config file works when ssl_enabled=No and
> does not work when ssl_enabled=Yes. I have tried setting the
> following:
>
> rsa_cert_file=/usr/share/ssl/certs/inet06cert.pem
>
> which is the public certificate and this:
>
> rsa_cert_file=/usr/share/ssl/private/inet06key.pem
>
> which is the server private key. Both these are in use by the
> apache web server as :
>
> SSLCertificateFile /usr/share/ssl/certs/inet06cert.pem
>
> and
>
> SSLCertificateKeyFile /usr/share/ssl/private/inet06key.pem
>
> respectively and I have no trouble using ssl with that service. As
> far as I can tell the certificates are in the right places and do
> the right things for apache but vsftpd chokes. Since vsftpd does
> not deign to log what is going on I cannot tell what it finds
> disagreeable about this setup. Does anyone have any idea what
> would prevent vsftpd from using a certificate that works with
> apache?
>
> Regards,
> Jim
On Thu, 28.04.2005, at 22:36, James B. Byrne wrote:

> vsftpd-2.0.1-5
>
> I am trying to get vsftpd to start with ssl_enabled=yes and not
> having much success. The config file works when ssl_enabled=No and
> does not work when ssl_enabled=Yes. I have tried setting the
> following:
>
> rsa_cert_file=/usr/share/ssl/certs/inet06cert.pem
>
> which is the public certificate and this:
>
> rsa_cert_file=/usr/share/ssl/private/inet06key.pem
>
> which is the server private key. Both these are in use by the
> apache web server as :

> Jim

Both certificate files must be 1 file.

cat /usr/share/ssl/certs/inet06cert.pem /usr/share/ssl/private/inet06key.pem > /usr/share/ssl/certs/vsftpd.pem

In vsftpd.conf:

rsa_cert_file=/usr/share/ssl/certs/vsftpd.conf

Alexander

--
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.14_FC2smp
Serendipity 01:48:33 up 16 days, 22:28, load average: 0.46, 0.30, 0.23
James B. Byrne
2005-Apr-29 13:07 UTC
[CentOS] Re: vsftp 500 OOPS: SSL: cannot load RSA key
On Fri, 29 Apr 2005 01:51:19 +0200, Alexander Dalloz <ad+lists at uni-x.org> wrote:

> Both certificate files must be 1 file.
>
> cat /usr/share/ssl/certs/inet06cert.pem /usr/share/ssl/private/inet06key.pem > /usr/share/ssl/certs/vsftpd.pem
>
> In vsftpd.conf:
>
> rsa_cert_file=/usr/share/ssl/certs/vsftpd.conf

I did this and I get the exact same error. However, I do not understand what this accomplishes. It is my understanding that the rsa private key certificate contains both PKI primes and the resulting public key. What do I misapprehend?

Regards,
Jim
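
A pre-flight check for the combined certificate-and-key file discussed in this thread, as an added example that is not part of any poster's message: it verifies that the file named in rsa_cert_file holds both PEM blocks, that the key belongs to the certificate, and that the file (which now contains the private key) is not readable by group or others. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for a combined cert+key PEM file (function names are hypothetical).

# True if FILE ($1) has BEGIN and END marker lines for a block type matching PATTERN ($2).
pem_has_block() {
    grep -Eq "^-----BEGIN ($2)-----\$" "$1" &&
    grep -Eq "^-----END ($2)-----\$" "$1"
}

# True only if group and others have no permission bits on FILE.
pem_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# True if the RSA key and the certificate in FILE share one modulus (needs openssl).
pem_key_matches_cert() {
    c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    k=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Prints one line per failed structural or mode check; non-zero if any failed.
check_combined_pem() {
    rc=0
    pem_has_block "$1" 'CERTIFICATE' || { echo "no certificate block"; rc=1; }
    pem_has_block "$1" '(RSA )?PRIVATE KEY' || { echo "no private key block"; rc=1; }
    pem_is_private "$1" || { echo "readable by group/others"; rc=1; }
    return "$rc"
}

# Constructed sample files: marker lines only, no real key material,
# so pem_key_matches_cert is not run against them here.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' \
    '-----END CERTIFICATE-----' > "$demo/cert-only.pem"
{ cat "$demo/cert-only.pem"
  printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'AAAA' \
      '-----END RSA PRIVATE KEY-----'
} > "$demo/combined.pem"
chmod 600 "$demo/cert-only.pem" "$demo/combined.pem"

for f in "$demo/cert-only.pem" "$demo/combined.pem"; do
    echo "== $f"
    check_combined_pem "$f" && echo "structure and mode OK"
done
```

On a real file, run `check_combined_pem` first and then `pem_key_matches_cert` on the same path; the second check fails if the key was generated for a different certificate.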