BlueQuartz enabling SSL/TLS FTP Support

This is my first attempt at putting online a step by step process in support of the BlueQuartz server appliance.

1) See if you are running a version of proftpd that has mod_tls.c module included

Execute Statement

 proftpd -i


Example Output: Note you are looking for mod_tls.c to be included otherwise these instructions will not work for you.

[root@ruth ~]# proftpd -l
Compiled-in modules:
  mod_core.c
  mod_xfer.c
  mod_auth_unix.c
  mod_auth_file.c
  mod_auth.c
  mod_ls.c
  mod_log.c
  mod_site.c
  mod_readme.c
  mod_auth_pam.c
  mod_tls.c
  mod_cap.c

2) Create SSL Certificate and directory to hold certificate

Create Directory:

 mkdir -p /etc/proftpd/ssl


Create SSL Certificate:

 openssl req -new -x509 \
 -days 365 \
 -nodes \
 -out /etc/proftpd/ssl/proftpd.cert.pem \
 -keyout /etc/proftpd/ssl/proftpd.key.pem


This will ask you a series of questions and generate the certificates

Country Name (2 letter code) [AU]: <-- Enter your Country Name (e.g., "US").
State or Province Name (full name) [Some-State]:
<-- Enter your State or Province Name (eg., Washington).
Locality Name (eg, city) []:
<-- Enter your City (e.g., "Seattle").
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
<-- Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []:
<-- Enter your Organizational Unit Name (e.g. "IT Department").
Common Name (eg, YOUR name) []:
<-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
Email Address []:
<-- Enter your Email Address.


3) Edit /etc/proftpd.conf and add the text highlighted. Make note of placement in reference to existing configuration.
 

 nano -w /etc/proftpd.conf

<IfModule mod_tls.c>
    TLSProtocol TLSv1
</IfModule>

# Restore file permissions capability to site administrator
 <Global>
   # Report localtime, not GMT
   TimesGMT                     off
   ServerIdent                  on "FTP Server"
   IdentLookups                 off

<IfModule mod_tls.c>
    TLSEngine on
    TLSLog /var/log/tls.log

    # Are clients required to use FTP over TLS when talking to this server?
    TLSRequired off

    # Server's certificate
    TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem
    TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem

    # Authenticate clients that want to use FTP over TLS?
    TLSVerifyClient off

    # Allow SSL/TLS renegotiations when the client requests them, but
    # do not force the renegotations.  Some clients do not support
    # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
    # clients will close the data connection, or there will be a timeout
    # on an idle data connection.
    TLSRenegotiate required off

</IfModule>

</Global>

4) Connect to server using a secure FTP client and choose FTP over Explicit SSL/TLS. If you dont have a secure FTP client try this free one FileZilla http://filezilla-project.org/