If we do not encrypt our FTP traffic with a certificate, the username and password we use to connect to our PureFTPd server will be sent as cleartext over the Internet. We can capture the FTP username and password using Wireshark.
To encrypt PureFTPd traffic with a certificate, PureFTPd requires that we create a public key named pure-ftpd.pem and store it at /etc/ssl/private/pure-ftpd.pem. A trusted certificate is one that we buy from a trusted CA (certificate authority) such as www.verisign.com. If our PureFTPd server is not a production server, we can use OpenSSL to create a self-signed certificate. Follow the directions in the article on how to create an SSL certificate using OpenSSL. Once you have the public key, ensure it is named pure-ftpd.pem and is located at /etc/ssl/private/pure-ftpd.pem.
Enable SSL in PureFTPd.
echo 2 > /etc/pure-ftpd/conf/TLS
/etc/init.d/pure-ftpd restart
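
A check worth running after the restart, added here as an example and not taken from the original article: the shell function below confirms that the TLS setting refuses cleartext logins and that the PEM file is complete and private. It assumes the single PEM file carries both the certificate and its private key, as PureFTPd normally expects; the function name `check_pureftpd_tls` and the temporary demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit a PureFTPd TLS setup.
# Defaults are the two paths used on this page. Returns 0 if clean, 1 otherwise.
check_pureftpd_tls() {
    conf_file=${1:-/etc/pure-ftpd/conf/TLS}
    pem_file=${2:-/etc/ssl/private/pure-ftpd.pem}
    findings=0
    mode=
    # PureFTPd TLS modes: 0 = off, 1 = cleartext and TLS both accepted,
    # 2 = cleartext logins refused, 3 = cleartext data channels refused too.
    if [ -r "$conf_file" ]; then mode=$(tr -d '[:space:]' < "$conf_file"); fi
    case "$mode" in
        2|3) ;;
        1) echo "FINDING: TLS=1 still accepts cleartext logins"; findings=1 ;;
        0) echo "FINDING: TLS=0 disables TLS"; findings=1 ;;
        *) echo "FINDING: $conf_file is missing or not one of 0-3"; findings=1 ;;
    esac
    if [ ! -f "$pem_file" ]; then
        echo "FINDING: $pem_file not found"; findings=1
        return 1
    fi
    # Assumption: one PEM file carries the certificate and its private key.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem_file" ||
        { echo "FINDING: no certificate block in $pem_file"; findings=1; }
    grep -Eq -- '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$pem_file" ||
        { echo "FINDING: no private key block in $pem_file"; findings=1; }
    # Key material: group and other must have no permission bits at all.
    perms=$(ls -ld "$pem_file" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "FINDING: $pem_file is accessible to group/other"; findings=1; }
    return "$findings"
}

# Constructed demo: TLS=1 and a world-readable PEM that lacks the private key.
demo_dir=$(mktemp -d)
echo 1 > "$demo_dir/TLS"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' \
    '-----END CERTIFICATE-----' > "$demo_dir/pure-ftpd.pem"
chmod 644 "$demo_dir/pure-ftpd.pem"
check_pureftpd_tls "$demo_dir/TLS" "$demo_dir/pure-ftpd.pem" ||
    echo "=> fix the findings above, then restart pure-ftpd"
rm -rf "$demo_dir"
```

On the server itself, call `check_pureftpd_tls` with no arguments as root so it can read /etc/ssl/private.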