Find the answer to your Linux question:
Results 1 to 3 of 3
I've got vsftpd up and running, almost everything is working flawlessly as I want it: - virtual users in mysql - locked virtual user into their own jailed home folder ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    May 2004
    Posts
    2

    vsftpd + valid ssl cert - client says unknow cert :(


    I've got vsftpd up and running, almost everything is working flawlessly as I want it:
    - virtual users in mysql
    - locked virtual user into their own jailed home folder
    - ssl encrypton

    SSL encryption/auth works fine, except for one thing, my ftpclient (filezilla) complaines about an "unknown certificate", see image here:

    http://img259.imageshack.us/img259/6...carrotnji1.jpg

    I created my private key and a csr from that which I used to buy a SSL123 certificate from Thawte. When I got it, I 'cat' them together into a .pem file and pointet to it in vsftpd.conf (it is an rsa key btw). If I say 'accept' to the "unknown" certificate everything works fine, but I really want it to NOT show (the warning). It's going to be a live server at work, so I need it to be professional without this warning message.

    I'm quite frustrated now. I've googled my eyes out and have not found one example of vsftpd used with valid certificates, only self signed. Most articles/wikis/guides/howtos just say something like ".. or you can buy a valid certificate at places like VeriSign or Thawte".

  2. #2
    Just Joined!
    Join Date
    Nov 2007
    Location
    Camp Pendleton
    Posts
    55
    Hi,

    A quick google search tells me filezilla has a cacert.pem file you can add known root certificates to.
    FileZilla 2.2.4 released

    Get thawte's public cert(s) from here:
    SSL Digital Certificate Technical Support - thawte

    When you bought the cert they should have given you at least a link to which certificate they used to sign yours...

  3. #3
    Just Joined!
    Join Date
    May 2004
    Posts
    2
    Quote Originally Posted by mrjohnson View Post
    Hi,

    A quick google search tells me filezilla has a cacert.pem file you can add known root certificates to.
    FileZilla 2.2.4 released

    Get thawte's public cert(s) from here:
    SSL Digital Certificate Technical Support - thawte

    When you bought the cert they should have given you at least a link to which certificate they used to sign yours...
    The thing is I don't want to have all our customers manually add thawte's public certificate to their client (which could be lots of other clients). Shouldn't I be able to add an intermediate certificate or something to fix this?

    (I'm also FileZilla v3.0.x at the moment.)

  4. $spacer_open
    $spacer_close

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •