Gentoo Forums
vsftpd with self signed ssl cert
aesthesia
n00b
Posted: Tue Mar 01, 2005 10:58 pm    Post subject: vsftpd with self signed ssl cert

Hi, I am running vsftpd with ssl enabled. I have the server set up to run in standalone mode with the ssl certificate created, I am using a self signed certificate, but now gFTP won't let me log into the server. I haven't been able to find out what to do, so I was wondering if someone could give me a lead?

Thanks.
j-m
Retired Dev
Posted: Tue Mar 01, 2005 11:06 pm

Certificate common name must match the FQDN you are connecting to. If you don't have any domain name, use your IP address as common name when creating the certificate.
aesthesia
n00b
Posted: Tue Mar 01, 2005 11:16 pm

I still get the same error.

When I'm generating the cert I put "10.20.20.160" as the Common Name, when that is the machine's IP. Should I be putting something before that?
j-m
Retired Dev
Posted: Tue Mar 01, 2005 11:20 pm

1. What error do you get?
2. Where are you connecting to in the FTP client?
aesthesia
n00b
Posted: Tue Mar 01, 2005 11:26 pm

Text output from gFTP:

Code:
Looking up 10.20.20.160
Trying 10.20.20.160:21
Connected to 10.20.20.160:21
220 Welcome to Lindisfarne.
AUTH TLS
234 Proceed with negotiation.
Error with certificate at depth: 0
Issuer = /C=US/ST=NC/L=Chapel Hill/O=Internet Widgits Pty Ltd/CN=10.20.20.160
Subject = /C=US/ST=NC/L=Chapel Hill/O=Internet Widgits Pty Ltd/CN=10.20.20.160
Error 18:self signed certificate
Disconnecting from site 10.20.20.160
j-m
Retired Dev
Posted: Wed Mar 02, 2005 12:52 am

Hm, this looks like a paranoid FTP client. Check its settings with regard to certificates.
aesthesia
n00b
Posted: Wed Mar 02, 2005 3:05 am

You're right, that did take care of that problem, however, I now have a new one, and I'm not even really sure what it means:

Code:
Looking up 10.20.20.160
Trying 10.20.20.160:21
Connected to 10.20.20.160:21
220 Welcome.
AUTH TLS
234 Proceed with negotiation.
SSL connection established using TLSv1/SSLv3 (DES-CBC3-SHA)
PBSZ 0
200 PBSZ set to 0.
PROT C
200 PROT now Clear.
USER  clancy
331 Please specify the password.
PASS xxxx
Error: Could not read from socket: Success
Disconnecting from site 192.168.1.160
Waiting 30 seconds until trying to connect again
(gFTP)

I tried a different FTP client and got a different error, if this helps:
Code:
$ ftp 10.20.20.160
Connected to 10.20.20.160.
220 Welcome.
Name (10.20.20.160:mike): clancy
234 Proceed with negotiation.
[SSL Cipher DES-CBC3-SHA]
331 Please specify the password.
Password:
ssl_getc: SSL_read failed -1 = 0
421 Service not available, remote server has closed connection
Login failed.
No control connection for command: Success
(ftp)

Error: Could not read from socket: Success? I mean, that's just a little confusing, what with the "Error" and "Success" in the same statement. Any ideas? Thanks very much for your help already.
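An added example, not part of any post in this thread: a Python check over the kind of client transcript quoted above, flagging three things a reviewer would note in it: OpenSSL verify error 18 (the client has no trust anchor for the certificate), the 3DES suite DES-CBC3-SHA, and `PROT C`, which per RFC 4217 leaves data connections unencrypted. The function name `audit`, the finding tags and the sample lines are constructed for illustration.

```python
import re

# Constructed sample: control-channel lines as gFTP prints them in the thread.
SAMPLE = """\
AUTH TLS
234 Proceed with negotiation.
Error with certificate at depth: 0
Error 18:self signed certificate
AUTH TLS
234 Proceed with negotiation.
SSL connection established using TLSv1/SSLv3 (DES-CBC3-SHA)
PBSZ 0
200 PBSZ set to 0.
PROT C
200 PROT now Clear.
USER clancy
"""

# OpenSSL verify codes meaning "no trust anchor for this certificate".
UNTRUSTED = {18: "self-signed leaf", 19: "self-signed cert in chain",
             20: "issuer not found locally"}
# Name components of OpenSSL cipher suites that are considered weak today.
WEAK = {"DES", "CBC3", "RC4", "RC2", "EXP", "NULL", "MD5"}
CIPHER = re.compile(r"[A-Z0-9]+(?:-[A-Z0-9]+)+")


def audit(transcript):
    """Return (line_no, tag, detail) findings for a client-side FTPS log."""
    findings, tls = [], False
    for n, raw in enumerate(transcript.splitlines(), 1):
        line = raw.strip()
        if re.match(r"AUTH\s+(TLS|SSL)\b", line, re.I):
            tls = True  # client asked to upgrade the control channel
        m = re.match(r"Error (\d+):", line)
        if m and int(m.group(1)) in UNTRUSTED:
            findings.append((n, "untrusted-cert", UNTRUSTED[int(m.group(1))]))
        if "SSL" in line:  # lines that report the negotiated suite
            for suite in CIPHER.findall(line):
                if WEAK & set(suite.split("-")):
                    findings.append((n, "weak-cipher", suite))
        # RFC 4217: PROT C leaves data connections (listings, files) unencrypted
        if tls and re.fullmatch(r"PROT\s+C", line, re.I):
            findings.append((n, "clear-data-channel", "PROT C after AUTH TLS"))
    return findings


if __name__ == "__main__":
    for n, tag, detail in audit(SAMPLE):
        print(f"line {n}: {tag}: {detail}")
```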