
How-to use FTP with SSL

Discussion in 'General Discussion' started by rs-freddo, Mar 19, 2004.

  1. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    I've asked about this a couple of times on different forums and always get the same answer "you have to use SSH".

    Well they're wrong. Using SSL with FTP is in fact very easy.

    First you need an SSL-enabled FTP client - I recommend CoreFTP LE. It is free and it works (what more could you want???).
    http://coreftp.com

    You also need to be using PROFTP, latest stable version with cPanel. If you don't have a PassivePorts directive then you MAY need one...
    place
    PassivePorts 35000 35999
    into
    /etc/proftpd.conf
    Make sure these ports are open on your firewall (TCP inbound).

    Start up Core FTP and add a site - under "SSL Options" tick "Auth SSL" or "Auth TLS" (both work for me), and "SSL Listings" and "SSL Transfers" should both be ticked. Connect. You'll be asked to accept a Certificate from your server. Do so. You now have a padlock in the lower right corner.

    ONE PROBLEM so far. My clients connect with a cPanel issued Certificate and not my own Certificate. I imagine I have both there and it just uses one??? If anyone can shed light on this issue, that would be good.

    So you now have secure FTP for clients; there are heaps of how-tos on using SSL Email. Couple this with using SSL for control panel and your client space is completely SSL secured.

    Just one more hole plugged! :D
     
  2. rs-freddo

    To answer my own question the SSL conf file is located in:
    /etc/proftpd.conf
    in the section:
    <IfModule mod_tls.c>
    TLSEngine on
    TLSProtocol TLSv1
    TLSRequired off
    TLSRSACertificateFile /etc/ftpd-rsa.pem
    TLSRSACertificateKeyFile /etc/ftpd-rsa-key.pem
    TLSVerifyClient off
    </IfModule>

    Now I just have to figure out how to create a PEM file....
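
Added example (not part of the original posts, and not cPanel or ProFTPD code): with `TLSRequired off`, as in the configuration posted above, TLS is offered but not demanded, so a client that does not select Auth TLS still logs in in clear text. The shell function below audits a proftpd.conf for that and for the `PassivePorts` range from the first post; the function names and the temp-file sample are assumptions made for the illustration.

```shell
# Added example: audit the mod_tls settings of a proftpd.conf given as $1.
audit_proftpd_tls() {
    awk '
        $1 ~ /^#/ { next }                       # skip comment lines
        $1 == "<IfModule" && $2 == "mod_tls.c>" { in_tls = 1; next }
        $1 == "</IfModule>" { in_tls = 0; next }
        in_tls && NF >= 2 {                      # directive inside the TLS block
            v = $2; for (i = 3; i <= NF; i++) v = v " " $i
            val[$1] = v
        }
        !in_tls && $1 == "PassivePorts" { passive = $2 "-" $3 }
        END {
            if (tolower(val["TLSEngine"]) != "on")
                print "FAIL TLSEngine: TLS is not enabled"
            req = tolower(val["TLSRequired"]); if (req == "") req = "off"
            if (req == "off")
                print "WARN TLSRequired off: clear-text logins are still accepted"
            else if (req != "on")
                print "NOTE TLSRequired " req ": only part of the session must use TLS"
            n = split(val["TLSProtocol"], p, " ")
            for (i = 1; i <= n; i++)
                if (p[i] == "SSLv3" || p[i] == "TLSv1" || p[i] == "TLSv1.1")
                    print "WARN TLSProtocol " p[i] ": deprecated protocol version enabled"
            if (val["TLSRSACertificateFile"] == "" || val["TLSRSACertificateKeyFile"] == "")
                print "FAIL certificate or key file is not configured"
            if (passive == "")
                print "NOTE no PassivePorts range: passive data ports are unpredictable"
            else
                print "INFO allow TCP " passive " inbound on the firewall"
        }
    ' "$1"
}
# Constructed sample: the directives posted in this thread, in a temp file.
sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
PassivePorts 35000 35999
<IfModule mod_tls.c>
TLSEngine on
TLSProtocol TLSv1
TLSRequired off
TLSRSACertificateFile /etc/ftpd-rsa.pem
TLSRSACertificateKeyFile /etc/ftpd-rsa-key.pem
TLSVerifyClient off
</IfModule>
EOF
    echo "$f"
}
conf=$(sample_conf); audit_proftpd_tls "$conf"; rm -f "$conf"
```

On a real server, pass `/etc/proftpd.conf` to `audit_proftpd_tls` instead of the sample file.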
     
  3. rs-freddo

    If the Certificate is not correct (i.e. the servername is wrong) you can correct it by:
    cd /etc
    cp ftpd-rsa.pem ftpd-rsa.pem.bak
    cp ftpd-rsa-key.pem ftpd-rsa-key.pem.bak
    openssl req -new -x509 -days 3650 -nodes -out ftpd-rsa.pem -keyout ftpd-rsa-key.pem

    You will be asked a series of questions. Answer all of them (EXCEPT common name) with a "." - no quotes. Enter the actual common name (hostname) of your server.

    This will create a 509 certificate that will last 10 years.

    Login via SSL_FTP and see your new Certificate. Nice huh!

    On a last note, to configure SSL email simply open Ports 995 (pop3) and 993 (imap) on your firewall and configure your email client to use SSL (in advanced???). The inbound server name will be your hostname, not mail.yourdomain.com (so you don't get an SSL Certificate warning each time).
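
Added example (not part of the original post): a scripted form of the `openssl req` step above that sets only the Common Name through `-subj` instead of answering the prompts, then checks the CN, the key/certificate pairing and the 10-year lifetime. It writes to a scratch directory rather than /etc; the function names, `-newkey rsa:2048` and the hostname `host.example.test` are assumptions made for the illustration.

```shell
# Added example: scripted certificate creation plus verification.

# Create key + self-signed cert in directory $2 with Common Name $1.
# -subj replaces the interactive questions (only CN is set);
# -newkey rsa:2048 is an addition here to pin the key size.
make_ftps_cert() {
    (
        umask 077   # keep the private key unreadable to other users
        openssl req -new -x509 -days 3650 -nodes -newkey rsa:2048 \
            -subj "/CN=$1" \
            -out "$2/ftpd-rsa.pem" -keyout "$2/ftpd-rsa-key.pem" 2>/dev/null
    )
}

# Print the Common Name of the certificate in $1.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Succeed only if the public key in certificate $1 belongs to private key $2.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256)
    k=$(openssl pkey -in "$2" -pubout | openssl dgst -sha256)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeed if certificate $1 is still valid $2 days from now.
cert_valid_in_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Demo in a scratch directory; host.example.test is a placeholder hostname.
d=$(mktemp -d)
make_ftps_cert host.example.test "$d"
echo "CN: $(cert_cn "$d/ftpd-rsa.pem")"
cert_matches_key "$d/ftpd-rsa.pem" "$d/ftpd-rsa-key.pem" && echo "key matches certificate"
cert_valid_in_days "$d/ftpd-rsa.pem" 3649 && echo "valid for the next 3649 days"
rm -rf "$d"
```

The CN printed by `cert_cn` has to equal the hostname entered in the FTP or mail client, otherwise the client shows a name-mismatch warning on every connection.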
     
  4. Michael-MS

    Michael-MS Well-Known Member

    Joined:
    Apr 16, 2003
    Messages:
    144
    Likes Received:
    0
    Trophy Points:
    16
    Awesome.. this worked perfectly. Thanks!

    Michael
     
  5. mr.wonderful

    mr.wonderful BANNED

    Joined:
    Feb 1, 2004
    Messages:
    345
    Likes Received:
    0
    Trophy Points:
    0
    Does this work with jailed users? Users who are jailed? The last time I tried, it didn't. I had to unjail my own ftp account to use it. Seems useless if one needs to unjail the entire server just to offer this.
     
  6. Michael-MS

    Is FTP jailed by default? If so, then yes it works.. ;)
     
    #6 Michael-MS, Apr 27, 2004
    Last edited: Apr 27, 2004
  7. rs-freddo

    This works with a stock-standard cPanel server.
     
  8. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    If there is trouble, it will find me
    Does it work with pure-ftp?
     
  9. Michael-MS

    The instructions are for editing proftp config files. ;)
     
  10. rs-freddo

    Don't know...
     
  11. casey

    I'll give it a shot later, then. Thanks.
     
  12. bking

    bking Well-Known Member

    Joined:
    Mar 1, 2004
    Messages:
    206
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Sydney
    I think there is a difference when using sftp and ftp with TLS....
    sftp uses an SSH connection and will require a valid shell that has available commands. No certificate is required.

    I think TLS is a different beast, whereas it does a similar job as using https.... Someone may correct me if I am way off course :)
     
  13. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Hi bking,

    No, you're quite correct.
     