
A public / private key pair is used to configure PureFTPd to accept connections over a secure protocol, such as FTPS or SFTP. By default, PureFTPd looks for a PEM file named pure-ftpd.pem in the /etc/ssl/private directory, and the following directives are commented out in /etc/pure-ftpd/pure-ftpd.conf.
# CertFile /etc/ssl/private/pure-ftpd.pem
# CertFileAndKey "/etc/pure-ftpd.pem" "/etc/pure-ftpd.key"
Assuming you will be using the defaults, as root, create the /etc/ssl/private directory.
mkdir --parents /etc/ssl/private
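This one-liner creates the PEM file so that it contains both the public certificate and the private key. The -x509 option makes the certificate self-signed, and -nodes leaves the private key unencrypted so that PureFTPd can load it without a passphrase.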
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -sha256 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
Ensure pure-ftpd.pem is owned by root with -rw------- (0600) permissions.
chown root /etc/ssl/private/pure-ftpd.pem
chgrp root /etc/ssl/private/pure-ftpd.pem
chmod 0600 /etc/ssl/private/pure-ftpd.pem
In the /etc/pure-ftpd/pure-ftpd.conf file, uncomment the TLS directive. A value of 1 allows FTP as well as FTPS and SFTP connections, whereas a value of 2 allows only FTPS and SFTP connections.
TLS 2
Restart PureFTPd for this change to take effect.
systemctl restart pure-ftpd
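A check worth running on the PEM file before the restart, given here as an added example that is not part of the original article: it confirms the ownership and 0600 mode set above, that the file holds both a certificate and a private key, that the two belong together, and that the certificate is not about to expire. The function names and the EXPECT_OWNER variable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the article: audit the combined PEM before restart.
# Usage: sh check_pem.sh /etc/ssl/private/pure-ftpd.pem
# EXPECT_OWNER (uid:gid, default 0:0 for root:root) is a hypothetical knob that
# exists only so the check can be tried on a scratch file.

# pem_layout_ok FILE: ownership, mode, and presence of both PEM blocks.
pem_layout_ok() {
    pem=$1; rc=0
    [ -f "$pem" ] || { echo "FAIL: $pem not found"; return 1; }
    owner=$(stat -c '%u:%g' "$pem")    # GNU/busybox stat syntax
    mode=$(stat -c '%a' "$pem")
    [ "$owner" = "${EXPECT_OWNER:-0:0}" ] ||
        { echo "FAIL: owner is $owner"; rc=1; }
    [ "$mode" = 600 ] || { echo "FAIL: mode is $mode, want 600"; rc=1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "FAIL: no certificate block"; rc=1; }
    grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$pem" ||
        { echo "FAIL: no private key block"; rc=1; }
    return "$rc"
}

# pem_pair_ok FILE [DAYS]: the key belongs to the certificate, and the
# certificate does not expire within DAYS (default 30).
pem_pair_ok() {
    pem=$1; days=${2:-30}; rc=0
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: certificate does not parse"; return 1; }
    # -passin pass: makes an encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$pem" -pubout -passin pass: 2>/dev/null) ||
        { echo "FAIL: private key does not parse"; return 1; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: key does not match certificate"; rc=1; }
    openssl x509 -in "$pem" -noout -checkend $((days * 86400)) >/dev/null ||
        { echo "FAIL: certificate expires within $days days"; rc=1; }
    return "$rc"
}

# Run both checks only when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    pem_layout_ok "$1" && pem_pair_ok "$1" && echo "OK: $1"
fi
```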