[Pure-ftpd] weird! TLS problem

[ryceck]

Hey ppl,

I just installed pure-ftpd and configged it (like so many times before) and everything is working.
Then I found the miracle called TLS and wanted to try that.
Created an cetr-file in /etc/ssl/private with help of the TLS-readme, but it doesnt work :/

I get this:

Code: Select all

[R] Connecting to servername.com-> IP=xxx.xxx.xxx.xxx PORT=21
[R] Connected to servername.com
[R] 421 Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]
[R] Connection failed
[R] Delaying for 120 seconds before reconnect attempt #1

My serversided logs tell me this:

Code: Select all

Mar 10 21:50:49 [pure-ftpd] connect from xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)
Mar 10 21:50:49 [pure-ftpd] (?@?) [ERROR] Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]

And here comes the best part:

Code: Select all

metal / $> cat /etc/ssl/private/pure-ftpd.pem
-----BEGIN RSA PRIVATE KEY-----
<<LOTS-OF-ENCYPTED-DATA>>
-----END RSA PRIVATE KEY-----

metal / $> l /etc/ssl/private/pure-ftpd.pem
-rw-r--r--  1 root root 887 Mar 10 21:21 /etc/ssl/private/pure-ftpd.pem

WTF is this Does pure-ftpd run a chroot without telling me?
Copying the directory to other locations (/etc /etc/pure-ftpd /etc/pureftpd) didnt work at all so my options are through

[ryceck]

After filing a bug @ pureftpd.sf.net and not getting any replies so far i am wondering if there is truly nobody that knows a solution for this..?

[toralf]

My file is bigger:

Code: Select all

nhh221 ~ # ls -l /etc/ssl/private/pure-ftpd.pem
-rw-r--r--  1 root root 2286 Feb 23 15:24 /etc/ssl/private/pure-ftpd.pem

The content is:

Code: Select all

nhh221 ~ # cat /etc/ssl/private/pure-ftpd.pem
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

[ryceck]

My file is bigger:

Code: Select all

nhh221 ~ # ls -l /etc/ssl/private/pure-ftpd.pem
-rw-r--r--  1 root root 2286 Feb 23 15:24 /etc/ssl/private/pure-ftpd.pem

The content is:

Code: Select all

nhh221 ~ # cat /etc/ssl/private/pure-ftpd.pem
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

How did u create that file?
I used this straight from the manual:

Code: Select all

openssl req -x509 -nodes -newkey rsa:1024 -keyout  /etc/ssl/private/pure-ftpd.pem   -out /etc/ssl/private/pure-ftpd.pem

And it created the file that resides in that directory.

And my content is:
-----BEGIN RSA PRIVATE KEY-----
---
-----END RSA PRIVATE KEY-----

I appear to be missing the certificate info...

Gonna try again 2night when i get acces to the server it resides on and will check back here to inform if it succeeds

[toralf]

I made:

Code: Select all

tfoerste@nhh221 ~ $ openssl req -x509 -nodes -newkey rsa:1024 -keyout ./pure-ftpd.pem   -out ./pure-ftpd.pem
Generating a 1024 bit RSA private key
.......................++++++
......++++++
writing new private key to './pure-ftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:xx
State or Province Name (full name) [Some-State]:xxx
Locality Name (eg, city) xxx
Organization Name (eg, company) [Internet Widgits Pty xxx
Organizational Unit Name (eg, section) xxx
Common Name (eg, YOUR name) []:xxx
Email Address []:xxx

and got:

Code: Select all

tfoerste@nhh221 ~ $ wc pure-ftpd.pem
  36   44 2176 pure-ftpd.pem
tfoerste@nhh221 ~ $ grep -e BEGIN -e END pure-ftpd.pem
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

Do not forget to specify all informations for 'xx', without that no certificate will be created.