[root@dywftp ~]# openssl req -days 3650 -new -x509 -nodes \ > -out /etc/pki/tls/private/vsftpd.pem -keyout /etc/pki/tls/private/vsftpd.key \ > -subj '/C=TW/ST=Taiwan/L=CYUT/O=CSIE/CN=csie.cyut Certificate Authority' Generating a 2048 bit RSA private key ......................................................+++ .................................+++ writing new private key to '/etc/pki/tls/private/vsftpd.key'
[root@dywftp ~]# vim /etc/vsftpd/vsftpd.conf [root@dywftp ~]# grep rsa /etc/vsftpd/vsftpd.conf rsa_cert_file=/etc/pki/tls/private/vsftpd.pem rsa_private_key_file=/etc/pki/tls/private/vsftpd.key
[root@dywftp ~]# vim /etc/vsftpd/vsftpd.conf [root@dywftp ~]# tail -n4 /etc/vsftpd/vsftpd.conf ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=YES force_local_logins_ssl=YES
[root@dywftp ~]# vim /etc/vsftpd/vsftpd.conf [root@dywftp ~]# tail -n3 /etc/vsftpd/vsftpd.conf ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO
[root@dywftp ~]# vim /etc/vsftpd/vsftpd.conf [root@dywftp ~]# tail -n1 /etc/vsftpd/vsftpd.conf require_ssl_reuse=NO
[root@dywftp ~]# vim /etc/vsftpd/vsftpd.conf [root@dywftp ~]# tail -n1 /etc/vsftpd/vsftpd.conf ssl_ciphers=HIGH
[root@dywftp ~]# /etc/init.d/vsftpd restart Shutting down vsftpd: [ OK ] Starting vsftpd for vsftpd: [ OK ]
[root@kvm8 ~]# chkconfig vsftpd on