ProFTPD over TLS/SSL


#1

Hi, I’m trying to figure out how to configure my ftp server to use LE certs, I found this article and I would like to know if the information is correct/secure and in case the answer is yes if this is the best way to do that.

This is the link:

Thank you!


#2

Looks good to me. If your clients supports it, you could go with the “modern” cipher list from the Mozilla Wiki (just replace the value of TLSCipherSuite): https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility


#3

Thank you @pfg!
I used the new TLSCipherSuite from Mozilla Wiki. The connection succeed, but Filezilla ask me to authorize the “Unknown Certificate”, so if I don’t trust the certificate I get:

Status: Verifying certificate…
Error: Remote certificate not trusted.
Error: Critical error: Could not connect to server

How could I solve that?

Bests.


#4

Hello @acaparrelli,

The only thing you can do is trust the certificate. It is a Filezilla “feature” it doesn’t check the CAs that your OS trust so you need to manually trust it in the first connection. No matter whether it is a self-signed certificate, a let’s encrypt cert or a commercial one, in all of them, in the first connection, you need to trust it.

Edit: For more info you can check this post in filezilla forum.

Cheers,
sahsanu


Using LE with pure-ftpd