Prerequisites

Before you begin, ensure you have:

  • Root or sudo access to your Linux server
  • vsftpd or proftpd installed
  • Your TLS certificate (plus any intermediate CA chain) and its private key, in PEM format, with the key readable by root only (chmod 600)

Step 1 — Configure vsftpd

Edit your vsftpd configuration file: /etc/vsftpd.conf on Debian and Ubuntu, /etc/vsftpd/vsftpd.conf on RHEL, CentOS and Fedora. Note that vsftpd calls everything "ssl" in its option names even though what it negotiates today is TLS.

# Enable TLS support
ssl_enable=YES

# Certificate and private key (PEM). vsftpd reads the key as root before
# dropping privileges, so keep it root-only (chmod 600).
rsa_cert_file=/etc/ssl/certs/yourdomain.crt
rsa_private_key_file=/etc/ssl/private/yourdomain.key

# Refuse plaintext logins and plaintext data transfers for local users.
# allow_anon_ssl=NO does not force anything; it only keeps anonymous
# sessions (if you enable them at all) off TLS.
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES

# Protocol versions. ssl_tlsv1 governs TLS 1.0 only; TLS 1.1 and 1.2 are
# controlled by ssl_tlsv1_1 and ssl_tlsv1_2 on vsftpd 3.0.3 and later
# (both default to YES). SSLv2 and SSLv3 are broken and must stay off.
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

# vsftpd's compiled-in cipher list is old; use OpenSSL's HIGH group instead.
ssl_ciphers=HIGH

Restart vsftpd to apply the changes. vsftpd refuses to start on an option it does not recognise (for example ssl_tlsv1_2 on an older build), so check systemctl status vsftpd afterwards:

sudo systemctl restart vsftpd

Step 2 — Configure proftpd

For proftpd, TLS is provided by the mod_tls module, which must be loaded before its directives are accepted. On Debian and Ubuntu, uncomment the LoadModule mod_tls.c line in /etc/proftpd/modules.conf, then edit the TLS block in /etc/proftpd/proftpd.conf or, where the distribution splits it out, in /etc/proftpd/tls.conf (pulled in through an Include line in proftpd.conf). Run proftpd -t to syntax-check the configuration before restarting.

<IfModule mod_tls.c>
    TLSEngine on
    TLSLog /var/log/proftpd/tls.log

    # Allow only TLS 1.2 and 1.3; SSLv3, TLS 1.0 and TLS 1.1 are refused
    TLSProtocol TLSv1.2 TLSv1.3

    # Server certificate and private key (PEM, key readable by root only)
    TLSRSACertificateFile /etc/ssl/certs/yourdomain.crt
    TLSRSACertificateKeyFile /etc/ssl/private/yourdomain.key

    # CA certificates: needed when your certificate is issued by an
    # intermediate CA, or when you verify client certificates
    TLSCACertificateFile /etc/ssl/certs/ca-bundle.crt

    # Drop anonymous and weak suites
    TLSCipherSuite HIGH:!aNULL:!MD5

    # Require TLS on both the control and the data channel
    TLSRequired on
</IfModule>

Restart proftpd to apply changes:

sudo systemctl restart proftpd

Step 3 — Verify Installation

Use an FTP client that supports explicit FTPS, such as FileZilla. In the Site Manager, set Encryption to "Require explicit FTP over TLS" so the client refuses to fall back to plaintext. If your certificate was issued by a CA the client already trusts, the connection proceeds silently; if it is self-signed you will be asked to trust it, and you should compare the fingerprint shown with the one on the server (openssl x509 -noout -fingerprint -in yourdomain.crt) before accepting. Then confirm the negative case as well: an attempt to log in without TLS must be refused, not merely discouraged. One caveat: both servers by default require the TLS session from the control channel to be resumed on each data connection (vsftpd's require_ssl_reuse, proftpd's default unless TLSOptions NoSessionReuseRequired is set). FileZilla supports this, but some other clients fail on directory listings with a session-reuse error; that check ties the data connection to the authenticated session, so relax it only if you must.
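The same two checks from the command line, as an added example that is not part of the original tutorial: the script negotiates TLS the way an explicit-FTPS client does (AUTH TLS, via openssl s_client -starttls ftp) and reports the protocol version, then sends a USER command over a plaintext control connection and checks that the server refuses it. It assumes openssl and nc (netcat) are installed; the hostname ftp.example.com and the port are placeholders, overridable through the FTP_HOST and FTP_PORT environment variables.

```shell
#!/bin/sh
# Added verification script (not part of the original tutorial).
# Assumes openssl and nc are available. Host and port are placeholders.
FTP_HOST="${FTP_HOST:-ftp.example.com}"   # hypothetical hostname
FTP_PORT="${FTP_PORT:-21}"

# Perform AUTH TLS (-starttls ftp) and dump the handshake summary to stdout.
probe_tls() {
  openssl s_client -connect "$1:$2" -starttls ftp -servername "$1" </dev/null 2>/dev/null
}

# Extract the negotiated protocol from the "    Protocol  : TLSv1.3" line
# of s_client output supplied on stdin.
negotiated_protocol() {
  sed -n 's/^ *Protocol *: *//p' | head -n 1
}

# Only TLS 1.2 and 1.3 are acceptable; anything else means the server still
# offers SSLv3, TLS 1.0 or TLS 1.1 and the protocol settings need work.
protocol_acceptable() {
  case "$1" in
    TLSv1.2|TLSv1.3) return 0 ;;
    *) return 1 ;;
  esac
}

# Send USER over a plaintext control connection (no AUTH TLS) and return the
# server's reply to it. vsftpd with force_local_logins_ssl=YES answers
# "530 Non-anonymous sessions must use encryption."; proftpd with
# TLSRequired on also answers with a 5xx reply.
plaintext_user_reply() {
  printf 'USER probe\r\nQUIT\r\n' | nc -w 5 "$1" "$2" 2>/dev/null \
    | grep -m 1 -E '^(530|550|331|230) '
}

# A 5xx reply means the server refused to go on without TLS. A 331 (password
# requested) or 230 (logged in) means plaintext logins are still accepted.
plaintext_login_refused() {
  case "$1" in
    5[0-9][0-9]*) return 0 ;;
    *) return 1 ;;
  esac
}

# Run both checks against the configured server when invoked with --probe.
if [ "${1:-}" = "--probe" ]; then
  proto=$(probe_tls "$FTP_HOST" "$FTP_PORT" | negotiated_protocol)
  if protocol_acceptable "$proto"; then
    echo "TLS OK: negotiated $proto"
  else
    echo "TLS PROBLEM: negotiated '${proto:-nothing}'"; exit 1
  fi
  reply=$(plaintext_user_reply "$FTP_HOST" "$FTP_PORT")
  if plaintext_login_refused "$reply"; then
    echo "Plaintext login refused: $reply"
  else
    echo "PROBLEM: plaintext login accepted: '${reply:-no reply}'"; exit 1
  fi
fi
```

Run it as sh ftps-check.sh --probe (with FTP_HOST set) from a machine outside the server's firewall, so that the result reflects what a real client sees. A negotiated TLSv1 or TLSv1.1 points back to the protocol settings in Step 1 or 2; a 331 reply to the plaintext USER means force_local_logins_ssl (vsftpd) or TLSRequired (proftpd) is not in effect, typically because the option sits in a file that is not actually included or the service was not restarted.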

💡
Firewall Note: FTPS needs a fixed range of passive data ports open in your firewall. Because the control channel is encrypted, the kernel's FTP connection-tracking helper (nf_conntrack_ftp) can no longer read the PASV reply and open the data port dynamically, so the range is mandatory rather than optional. Define it with pasv_min_port and pasv_max_port in vsftpd, or PassivePorts in proftpd, and open exactly that range in UFW or iptables (for example, with ufw: ufw allow 40000:40100/tcp for a 40000 to 40100 range). If the server sits behind NAT, also set pasv_address (vsftpd) or MasqueradeAddress (proftpd) to the public IP, since the server cannot otherwise know which address to advertise in the PASV reply.