我目前在ProFTPD中安装一个StartSSL证书时遇到一些麻烦。
这些是我有的文件:
cert.pem - certificate file cert.key - corresponding key file sub.class2.server.ca.pem - intermediate certificate ca.pem - root certificate 在Apache中,我有以下configuration工作正常:
SSLCertificateFile cert.pem SSLCertificateKeyFile cert.key SSLCertificateChainFile sub.class2.server.ca.pem SSLCACertificateFile ca.pem
我应该如何为我的指定证书configurationProFTPD? 无论我尝试什么,我都会得到证书链不完整或者最后一个证书(根证书)是自签名的错误。 我尝试将cert.pem单独放在TLSRSACertificateFile和TLSCACertificateFile中的链+根证书,我尝试将根放在TLSCACertificateFile和TLSCertificateChainFile中的链中,我尝试将根放入TLSCACertificateFile和TLSRSACertificateFile中的cert +链,没有任何工作。
任何帮助,将不胜感激。
这来自ProFTPD在线文档 :
<IfModule mod_dso.c> # If mod_tls was built as a shared/DSO module, load it LoadModule mod_tls.c </IfModule> <IfModule mod_tls.c> TLSEngine on TLSLog /var/ftpd/tls.log # Support both SSLv3 and TLSv1 TLSProtocol SSLv3 TLSv1 # Are clients required to use FTP over TLS when talking to this server? TLSRequired off # Server's certificate TLSRSACertificateFile /etc/ftpd/server.cert.pem TLSRSACertificateKeyFile /etc/ftpd/server.key.pem # CA the server trusts TLSCACertificateFile /etc/ftpd/root.cert.pem # Authenticate clients that want to use FTP over TLS? TLSVerifyClient off # Allow SSL/TLS renegotiations when the client requests them, but # do not force the renegotations. Some clients do not support # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these # clients will close the data connection, or there will be a timeout # on an idle data connection. TLSRenegotiate none </IfModule>
在这里检查所有可能的与TLS / SSL相关的指令。
您还应该validation证书链。 您可以使用标准工具(如OpenSSL)来做到这一点: