How to set up FTPS in Centos7
FTPS (also known as FTPES, FTP-SSL) is an extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols. FTP is by nature a rather unsecure protocol. Add TLS support to prevent your sessions from being vulnerable to man-in-the-middle-attacks.
1. Configure pure-ftpd
# vi /etc/pure-ftpd.conf
Set TLS to 0 if you are not to allow TLS (only FTP );
Set TLS to 1 if you want to allow FTP and TLS sessions ;
Set TLS to 2 if you want to accept TLS sessions only ( No FTP);
Uncomment the two lines below:
Save the altered configuration file .
2. Create the SSL certificate for TLS
2.1 Create the required directory to save the SSL certificate
# mkdir -p /etc/ssl/private/
2.2 Generate the SSL certificate as follows:
# openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
Country Name (2 letter code) [XX]: <-- Enter your Country Name (e.g., "DE").
State or Province Name (full name) :<-- Enter your State or Province Name.
Locality Name (eg, city) [Default City]:<-- Enter your City.
Organization Name (eg, company) [Default Company Ltd]:<-- Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) :<-- Enter your Organizational Unit Name (e.g. "IT Department").
Common Name (eg, your name or your server's hostname) :<-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
Email Address :<-- Enter your Email Address.
2.3 Secure the certificate
#chmod 600 /etc/ssl/private/pure-ftpd.pem
2.4 Restart PureFTPd:
# systemctl restart pure-ftpd.service