NEED HELP WITH SSL AND PROFTPD!!

From: yO .. (another_at_time.com)
Date: 03/28/04


Date: Sat, 27 Mar 2004 21:01:40 -0500

Ok simple question(s).
What exactly do I need for ssl to work..
What I know...
I first have to create a private key on my server. (Should I use an RSA or
DSA key?)
Then I have to create a certificate using that private key. (For test
purposes)
Should I use a passphrase for what I'm trying to do?
Do I have to produce a public key? If so .. how?

Do I have to place any of this manually within my ftp/ssl client (I'm using
wsftp pro win)
Asking this because within wsftp pro there is a section I can make
certificates import and everything.
Why do these options exist if the server passes everything back and forth
between the ftp client.

Question concerning proftpd..
Below is what I placed in my proftpd.conf

<IfModule mod_tls.c>
    TLSEngine on
    TLSLog /var/log/proftpd_ssl.log
    TLSProtocol TLSv1

    # Are clients required to use FTP over TLS when talking to this server?
    TLSRequired off

    # Server's certificate
    TLSRSACertificateFile /etc/ssl/certs/cacert.pem <-- My cert
    TLSRSACertificateKeyFile /etc/ssl/private/privkey.pem <--- My Private

    # CA the server trusts
    TLSCACertificateFile /etc/ftpd/root.cert.pem <-- What should I target here?

    # Authenticate clients that want to use FTP over TLS?
    TLSVerifyClient off
</IfModule>

For all I know the above mod_tls setting I have above is completely wrong.
As we speak the client gets disconnected immediately.
Maybe there is something else I have to do to have the ssl connection
accept?

I've read so much shit online and find it stupidly hard to figure this out
for the first time..
Maybe someone can answer my questions ..
Or at least point towards a website .. anything..

Thanks in Advance...
Menno will probably respond to this .. I hope.
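
An added example, not part of the original post and not ProFTPD's own tooling: the key-then-certificate steps listed in the post, done with the openssl command line, plus a check that a certificate and private key actually form a pair (the certificate carries the public key, so none has to be produced separately). File names, the CN values and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: self-signed test certificate for an FTPS server, and a
# check that the certificate and private key belong together.
# All paths and common names below are constructed placeholders.

# Generate an unencrypted 2048-bit RSA key and a self-signed certificate.
# $1 = key path, $2 = certificate path, $3 = common name
make_test_cert() {
    ( umask 077   # keep the private key unreadable by other users
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
          -subj "/CN=$3" -keyout "$1" -out "$2" 2>/dev/null )
}

# Succeeds only if the public key inside certificate $2 is the public
# half of private key $1 (intended for unencrypted keys).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the PEM key file is passphrase-protected. A protected key
# cannot be loaded by an unattended daemon without supplying the passphrase.
key_is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# Build two independent pairs, then test a matching and a crossed pair.
selftest() {
    dir=$(mktemp -d) || return 1
    make_test_cert "$dir/a.key" "$dir/a.pem" ftp.example.test &&
    make_test_cert "$dir/b.key" "$dir/b.pem" other.example.test ||
        { rm -rf "$dir"; return 1; }
    same=0;  cert_matches_key "$dir/a.key" "$dir/a.pem" || same=$?
    cross=0; cert_matches_key "$dir/b.key" "$dir/a.pem" || cross=$?
    enc=0;   key_is_encrypted "$dir/a.key" || enc=$?
    rm -rf "$dir"
    echo "matching pair: $same, crossed pair: $cross, encrypted: $enc"
    [ "$same" -eq 0 ] && [ "$cross" -ne 0 ] && [ "$enc" -ne 0 ]
}

selftest
```

Running `cert_matches_key` against the two files named in `TLSRSACertificateKeyFile` and `TLSRSACertificateFile` shows whether the configured certificate was really issued for the configured key.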


