How to encrypt FTP traffic in PureFTPd with SSL

Home > Search > How-to
  by

If we do not encrypt our FTP traffic with a certificate, the username and password we use to connect to our PureFTPd server will be sent as cleartext over the Internet. We can capture the FTP username and password using Wireshark.

To encrypt PureFTPd traffic with a certificate, PureFTPd requires that we create a public key named pure-ftpd.pem and to store this public key at /etc/ssl/private/pure-ftpd.pem. A trusted certificate will be one that we will buy from a trusted CA (certificate authority) such as www.verisign.com. If our PureFTPd Server is not a production server, we can use OpenSSL to create a self-signed certificate.  Follow the directions in the article on how to create an SSL certificate using OpenSSL. Once you have the public key, ensure the public key is named pure-ftpd.pem and is located at /etc/ssl/private/pure-ftpd.pem.

 

Enable SSL in PureFTPd. 

echo 2 > /etc/pure-ftpd/conf/TLS
/etc/init.d/pure-ftpd restart

 

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter in the box below so that we can be sure you are a human.




Comments