Debian Configuration :: Vsftpd Won't Accept Legit Certificate
Jun 22, 2015
I've been using VSFTPD for years but I can't seem to get over this particular issue. I'm unable to make VSFTPD 3.0.2 work with a legit STARTSSL TLS cert on Debian 8.1 kernel 3.16.0-4-amd64.
500 OOPS: SSL: cannot load RSA certificate.
Openssl 1.0.1k correctly verifies the .PEM file containing both my domain's cert and the intermediate CA one. I've tried adding the private key to the .PEM file and also using it as a separate .key file. Also tried mixing my cert with the intermediate CA one and the private key... to no avail.
Every file is inside /etc where all the conf files reside (also the user specific conf files). File permissions for the .pem and key files are 600.
I'm successfully using the same certificate for NGINX.
Configuration file:
Code:
listen=YES
listen_port=40000
pasv_enable=YES
pasv_min_port=40222
pasv_max_port=40224
listen_address=192.168.1.150
[Code] ....
Feb 10, 2011
Any clue? I'm using the same key for root login and it works fine (also works fine for SFTP but I hate using that 'cause it's extremely slow)
Oct 1, 2010
A few days ago I installed a new SVN server using Ubuntu 10.04 server edition at our company and it runs almost flawlessly. Almost, that is. The server uses a self-signed certificate so all communications go over https. The strange thing is this. When I run some svn command from my (Windows) PC, like update, I get asked whether or not I want to accept the certificate. Then I choose "accept permanently" and all goes well. In future commands I don't get that question anymore. But when my colleague does the same from his PC, he also gets the same question. Now, when he chooses "accept temporary", all goes smooth. But when he chooses "accept permanently", like I did, he gets an error saying:
RA layer request failed
svn: OPTIONS of 'https://path_to_some_repo': Could not read status line: An established connection was aborted by the software in your host machine.
Of course I googled on this and could find two things: server settings are wrong, or there's something wrong with the firmware of the router. The first could hardly be the case since it works for me and I followed the manuals. The second one couldn't be it either because when I log in with my account on my colleague's PC, it works. This is also the case when he logs on to my PC. So the problem exists specifically when he is logged in on his own PC. The setup of this machine is exactly the same as mine.
Feb 14, 2011
I normally don't have a problem installing software. But I'm pulling my hair out trying to get OpenVAS to work. I used this guide to install [URL].. When I try to log in using the client it asks me to accept the certificate. I click yes, then it fails every time.
Apr 7, 2010
I am currently using vsftpd with SSL support. Currently, when the certificate expires I have to generate a new certificate and distribute that new certificate among the clients. Ideally I would like automatic renewal of the certificate and that certificate to then be transferred to the client upon connection.
Jul 17, 2015
Having tried different approaches to install (and run!) a webserver certificate from StartSSL on an Apache2 webserver, I have had no success at all for three days. There are many web pages out there on the internet, each naming it in other ways, i.e. one speaks of server./etc/ssl/certs/server.pem, another names it /etc/ssl/private/server.key etc. etc.
Is there a common-sense description of how to name a private key, how to name the public key, and, just as important, where to place them and what rights they must have to protect them? And, still important, which config file to adopt (default-ssl, or default-ssl.conf).
By the way, I have already implemented the certificates in other environments, and they are all working (tested with the ssl checker [URL] .....).
How to find a common-sense web page for Apache2 on Debian 8.1?
Jan 24, 2016
I upgraded my server yesterday via apt-get and my Perl scripts are not able to make HTTPS connections due to certificate verification problems.
This seems to be a problem for EVERY HTTPS site.
CURL gives the following error:
Code:
SSL certificate problem: unable to get local issuer certificate
I know that this has something to do with root certificate updates, but if I sound ignorant about it, it's because I am.
Using CURL with the -k option allows the connection to be made.
I'm running OpenSSL 1.0.1k-3+deb8u2 on Jessie 8.2.
I would obviously prefer to not disable certificate verification on my server.
Apr 27, 2016
I've been trying to get an ECDSA certificate to work for my postfix installation, however, it seems that when I try to use the aECDSA protocol with a client the server gives "no shared cipher" errors.
I had created the certificate like so:
Code:
openssl ecparam -name secp521r1 -genkey -param_enc explicit -out private/ec-email-server.pem
openssl req -new -x509 -key private/ec-email-server.pem -out certs/ec-email-server.pem -days 365
So I've set up a test server, and connected to it with a test client like the following:
Code:
openssl s_server -accept 123 -cert /etc/ssl/certs/ec-email-server.pem -key /etc/ssl/private/ec-email-server.pem
openssl s_client -connect localhost:123
However, once again, I get "no shared cipher" errors.
Jun 5, 2010
This is on Centos 5.3 by the way..... I had a DVD and, well, just wanted to test some things.. I'm aware that this is not the latest release.
And, by the way (I just read an earlier post) I've added the username and password with which I'm trying to login (..hello?).
I'm at work and I don't have a copy of my Vsftpd configuration file (don't wanna edit this whole thing - actually there is a copy, below). I've used Slackware for years and never had any issues with Vsftpd - it just works. I am trying Centos because I need help with upgrading my mail server (qmail) and there's not much help for Slackware users. Also, I used to run RHEL3 and had vsftpd working fine (had to copy some file to /etc/pam.d) but it worked famously. I compiled all my web server stuff (just don't like these default things where I have no idea how things are integrated) and I'm hung up on - of all things - vsftpd.
Anyway....When I try to log into my ftp server I get "KERBEROS_V4 rejected as an authentication type" and only the anonymous account works. Any other logins produce an error (incorrect login - see ya' later). I have SE Linux and the firewall OFF. I don't recall the directive, precisely, but my vsftpd.conf file is set allow local users to connect. I installed with yum and it added some lines at the bottom (one was about a user list and the other was about PAM). I've got a chroot list and a user list although it's not clear to me precisely where the user list should be placed. I actually uninstalled the RPM and compiled, too. I've done everything but call an exorcist. And I've found tons of posts regarding this on the net and none of the fixes worked. Man - on slackware you type "make" and "make install" (I build it with tcp_wrappers) and you're off to the races.
Actually - I did upload the vsftpd.conf file to work (where I'm at, now). Minus lines that were commented out it looks like this:
Could it, possibly, be something about how I am adding the user, the shell type, etc? I know that in Redhat I used to type "/usr/sbin/useradd -d /home/someuser joe". I've done it that way and I've also done it like so: "useradd -d /home/schmoe -s /bin/bash schmoe".
Jan 5, 2010
I've recently been asked to setup our FTP server to accept connections from a remote host. They sent me a file "id_dsa.pub" with instructions to add this key to the xfer user.
Unfortunately I've no idea how to do this!
I'm running vsftpd 2.0.5 on Centos 5.3
Mar 15, 2011
I am very pleased with a new Squeeze desktop that I built. I am use to using BSD style init scripts (Slackware, OpenBSD, Arch) and am trying to tweak my system not to start vsftpd at boot. I use vsftpd occasionally to move large files between computers on my LAN. My inittab shows run level 2 as default.
Mar 5, 2011
I've set up a server on Fedora 11 using Vsftpd + Berkeley database + SSL (certificate); it works perfectly. So I wanted to set up a new one on Fedora 14, and there is the problem. On my Fedora 14, I tried to use the configuration file that I made on the F11 but without success. It seems that when I activate the SSL option on the server it does not want to start anymore... and I have no error messages. I notice that when I deactivate SSL ("ssl_enable=NO") my server on F14 can start normally.
[Code]...
Apr 14, 2010
I have just generated a new ssl key on my ftp server with the following command
Code:
I then put my new key onto my file server and attempted to connect to the FTP and it failed (this did work before with the default key). I use curlFTPfs to mount the FTP directory locally as /ftpbackup; below is the command and the output.
Code:
Error connecting to ftp: server certificate not activated yet. As you see, it gives an error about the certificate not being activated. I have looked this up and can't find a way to activate it.
Below is the contents of vsftpd.conf on the ftp server
Code:
Oct 13, 2010
How to configure a vsftpd server to enable users to upload files with the right permissions? I create a user like this:
Code:
cp /etc/apache2/sites-available/default /etc/apache2/sites-available/<newUser>.domain.com
a2ensite <newUser>.domain.com
/etc/init.d/apache2 restart
[Code].....
So, in summary, how to make ftp create files with permissions e.g. +rwxrwxr-x or something more clever?
Jul 16, 2010
I need to establish an FTP server- one with VSFTPD & one with sFTP having at least 300 users in both. My question is what minimum hardware configuration should I go for both to have excellent performance.
Mar 13, 2011
I just want to configure Vsftpd to allow users to have total access to the FTP server. The server and users are all on a private LAN behind a router with no access from the Net, so I don't need any security. The following basic configuration doesn't allow uploading files after I log on as anonymous/whatever:
/etc/vsftpd/vsftpd.conf
Code:
listen=YES
anonymous_enable=YES
local_enable=YES
write_enable=YES
xferlog_file=YES
#anonymous users are restricted (chrooted) to anon_root
#anon_root=/home/ftp/incoming
anon_root=/var/ftp
anon_upload_enable=YES
anon_mkdir_write_enable=YES
#chroot_local_user=NO
#chroot_list_enable=YES
#chroot_list_file=/etc/vsftpd.chroot_list
Here's what happens when I log on as anonymous/whatever and try to upload a file:
> ftp server
Connected to server.
220 (vsFTPd 2.0.5)
Name (server:root): anonymous
331 Please specify the password.
Password:<whatever>
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -al
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
drwxr-xr-x 3 0 0 4096 Mar 13 11:19 .
drwxr-xr-x 3 0 0 4096 Mar 13 11:19 ..
drwxr-xr-x 2 0 0 4096 May 25 2010 pub
226 Directory send OK.
ftp> put /var/tmp/ftp
local: /var/tmp/ftp remote: /var/tmp/ftp
200 PORT command successful. Consider using PASV.
553 Could not create file.
Aug 24, 2011
I'm trying to install an Ubuntu cloud on my home network - I've been following this guide. When I arrived at STEP 6: Install an image from the store PART 3: Click on the Store tab I get the following error message on the page: Error 60: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
Feb 4, 2010
I'd like to configure a vsftpd server in a way to allow a remote user (local) to see and edit configuration files in their ftp directory starting with a dot (like .htaccess, for example). With default configuration + "local_allowed = yes" it does not appear to be possible: the user can successfully upload a .file but can neither see if it is in the directory nor download it.
Apr 22, 2011
I use WLM (and yes, I realise odds are this is a problem on Microsoft's side) and almost every time Claws Mail connects, WLM returns a new certificate. Valid, but I have to constantly accept or deny the certificate. Why is WLM pumping out fresh certs all the time and how can I fix this?
Whenever this pops up whatever I have at the moment shows "Signature status: No certificate issuer found" and the other shows "Signature status: Correct".
Jun 20, 2011
I had to do a hard shut down on my Linux computer. Ever since then it is not working properly and I get an invalid certificate on every page. I have never upgraded Debian since I installed it two years ago. With my experience with Gentoo I have found that upgrades can be a problem and it worked fine so I never messed with it.
Jul 17, 2011
Is it possible to provide encryption over HTTPS without a certificate?
I can't afford a certificate from a CA, but I do want to provide encryption with my website... without a self-signed certificate because I hate that screen popping up on the client's computer on first visits.
Jun 9, 2015
I need to renew my SSL cert for my Mahara site and I follow the instructions below. But after I finish answering all the questions for the csr, I'm supposed to copy a portion of the cert into a web form. However I can't seem to find the server.csr so I can do this. Where does this file go?
Here is a step-by-step description:
Make sure OpenSSL is installed and in your PATH.
Create a RSA private key for your Apache server (will be Triple-DES encrypted and PEM formatted):
$ openssl genrsa -des3 -out server.key 1024
Please backup this server.key file and the pass-phrase you entered in a secure location. You can see the details of this RSA private key by using the command:
$ openssl rsa -noout -text -in server.key
If necessary, you can also create a decrypted PEM version (not recommended) of this RSA private key with:
$ openssl rsa -in server.key -out server.key.unsecure
Create a Certificate Signing Request (CSR) with the server RSA private key (output will be PEM formatted):
$ openssl req -new -key server.key -out server.csr
Make sure you enter the FQDN ("Fully Qualified Domain Name") of the server when OpenSSL prompts you for the "CommonName", i.e. when you generate a CSR for a website which will be later accessed via https://www.foo.dom/, enter "www.foo.dom" here. You can see the details of this CSR by using:
$ openssl req -noout -text -in server.csr
Feb 12, 2016
I just set up my Debian 8.3.0 Jessie install a couple of days ago. Today I am having a problem carrying out a command in terminal. All I want to do at the moment is make sure my firewall is active. I log in and out of my computer using the password that I set when I originally installed Debian, and I use the same password in the package updater, but today it would not accept that password in terminal. Here is what I am seeing;
rocky@debian:~$ sudo ufw-enable
[sudo] password for rocky:
rocky is not in the sudoers file. This incident will be reported.
rocky@debian:~$ sudo ufw-enable
[sudo] password for rocky:
Sorry, try again.
[sudo] password for rocky:
How do I use terminal? What password am I to use?
Feb 26, 2015
I installed Debian, and when I restart apache2, I get this error
[warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Feb 26 11:53:45 2015] [warn] RSA server certificate CommonName (CN) `Ismo' does NOT match server name!?
How can I modify the commonName of the RSA server certificate?
May 21, 2010
I'm trying to get Nautilus to open avi files with VLC instead of Totem. This succeeded for two of the three computers I have Debian on, but not on my EeePC. I right click the file, click "Open with other application", select VLC, and check that the "always use this application" option is checked (it always is). Then I click OK and it opens the file with VLC. But it doesn't remember the change; if I try opening any avi file again, it'll go back to Totem.
Jun 20, 2010
I have just completed a debian netinstall, but am stuck at the "Welcome" screen. Though I took careful notes during the install re the "user account" (did not use my name as my purpose is to get the pc running and give it away) and "user password," it will not accept them. I would like to change or edit both (debian isn't telling me which is incorrect). How can this be done?
Also, this is looking for the "user account" - not the root info, right?
If I am forced to reinstall the OS, will I have to go through the entire process (partitions and all)?
Dec 27, 2010
Things beyond my control are causing me to rush a bit in getting the website moved. I'm working hard to try and get it done, but something else has come up: the SSL certificate. I know that our website's "basket" area is protected by an SSL certificate to ensure customer information, especially credit info, is secure. With the move to Amazon's service, it looks like I may need to create our own self-signed SSL certificate to ensure the basket area remains secure.
I have found guides that walk through how to make one yourself and configure Apache to allow it, but something else has come to mind. The guides I found don't really indicate where the SSL certificate goes afterwards, and also don't suggest which sections should be governed by the certificate (as only the basket section uses it, not anything else). How would I find out that information?
Sep 17, 2010
I just installed ecryptfs (Debian Lenny). However, when I try to run it (as normal user), I get the following
$ ecryptfs-setup-private
Enter your login passphrase:
And it won't accept any password (naturally, since this is the first time I'm running it).
Feb 5, 2010
I have installed vsftpd by "yum -y install vsftpd", disabled anonymous login and set . When I use a Linux client's file browser to log in using a user account "ftpacc" by ftp://ip_address, its location is "/" instead of "/home/ftpacc". When I use a Windows client to log in, its location is "/home/ftpacc"
Jul 31, 2009
I haven't worked on a Linux system in about 6 years so I'm a little rusty and wasn't that great 6 years ago. I'm trying to create a user that can only upload to the server. I have picked at several post tutorial and such but it's still not working. Currently you can still upload and download even though you should only be able to upload. I'm sure I'm missing something but have no clue what
vsftpd configuration