FreeKB - PureFTPd SSL
PureFTPd - SSL

If we do not encrypt our FTP traffic with a certificate, the username and password we use to connect to our PureFTPd server will be sent as cleartext over the Internet. We can capture the FTP username and password using Wireshark.

To encrypt PureFTPd traffic with a certificate, PureFTPd requires that we create a public key named pure-ftpd.pem and to store this public key at /etc/ssl/private/pure-ftpd.pem. A trusted certificate will be one that we will buy from a trusted CA (certificate authority) such as If our PureFTPd Server is not a production server, we can use OpenSSL to create a self-signed certificate.  Follow the directions in the article on how to create an SSL certificate using OpenSSL. Once you have the public key, ensure the public key is named pure-ftpd.pem and is located at /etc/ssl/private/pure-ftpd.pem.


Enable SSL in PureFTPd. 

echo 2 > /etc/pure-ftpd/conf/TLS
/etc/init.d/pure-ftpd restart



Add a Comment

We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.

Please enter 4e05b in the box below so that we can be sure you are a human.


Web design by yours truely - me, myself, and I   |   |