
CentOS 7.6: SSL certificate creation and FTP server installation

1. SSL certificate creation

1.1 Creating a CA self-certification authority

1.1.1 Advance preparation for CA construction

①Add the SSL commands to PATH
This is convenient because it lets you run CA.sh.

②Edit openssl.cnf

1.1.2 Create a CA-related certificate

①Create a self-signed CA certificate (cacert.pem) and a private key for the CA certificate (cakey.pem)

②The private key (cakey.pem) must never be seen by anyone else.

③Create a ca.der file to import the CA certificate into your browser
If you do not do this, you will get a warning every time you access the site. Use the following command to encode the file into a DER format that can be imported into the browser.

1.2 Create server-related certificates

Use the self-signed CA you created to issue a certificate for the desired site itself.

1.2.1 Create a private key for the server (newkey.pem)
1.2.2 Remove the password for the server private key

If you leave this password set, you will have to enter it every time you start SSL, which is a hassle, so remove it.

1.2.3 Create a certificate for the server (newcert.pem/server.crt)

①Create newcert.pem

②Create server.crt

2. Install an FTP server

We will try to install the traditional proftpd instead of the standard vsftpd on CentOS7.

2.1 Download proftpd

There are many download sites, but here are some examples

2.2 Install proftpd

2.3 Post-installation settings

①Create user groups

②Edit the ProFTPD configuration file (proftpd.conf)

The following is an example of a configuration file based on the CA settings on this page:

Allow permissions to be changed in all directories.
<Limit SITE_CHMOD>
AllowAll
</Limit>
・・・・・・・・・・・
Disable anonymous logins.
Comment out all lines from "<Anonymous ~ftp>" to "</Anonymous>".
# <Anonymous ~ftp>
# User ftp
# Group ftp
#
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Limit WRITE>
# DenyAll
# </Limit>
#</Anonymous>
・・・・・・・・・・・・・・・・・・・・・・
FTP over SSL
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd.log
TLSProtocol SSLv23
TLSCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
TLSRequired off
TLSVerifyClient off
TLSRSACertificateFile /etc/pki/CA/certs/server.crt
TLSRSACertificateKeyFile /etc/pki/CA/certs/newkey.pem
</IfModule>
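
The mod_tls block above uses a compatibility protocol setting, a broad cipher list and optional TLS. As an added example (not part of the original page), this shell function audits a proftpd.conf for those three settings. Both inputs are constructed, and the values in strict_conf are assumptions that need a ProFTPD/OpenSSL build supporting TLSv1.2.

```shell
# Constructed input: directives copied from the mod_tls block on this page.
page_conf() {
cat <<'EOF'
TLSEngine on
TLSProtocol SSLv23
TLSCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
TLSRequired off
EOF
}

# Constructed input: stricter values (assumptions, not taken from the page).
strict_conf() {
cat <<'EOF'
TLSEngine on
TLSProtocol TLSv1.2
TLSCipherSuite HIGH:!aNULL:!MD5:!RC4
TLSRequired on
EOF
}

# audit_mod_tls: read proftpd.conf on stdin, print "line:Directive:reason" for
# each active (uncommented) setting that weakens FTP over TLS. The cipher check
# is a token heuristic; "openssl ciphers -v STRING" shows the real expansion.
audit_mod_tls() {
  awk '
    /^[ \t]*#/ { next }
    { d = tolower($1) }
    d == "tlsprotocol" {
      for (i = 2; i <= NF; i++)
        if ($i ~ /^(SSLv23|SSLv3|TLSv1|TLSv1\.1)$/)
          printf "%d:TLSProtocol:%s permits legacy protocol versions\n", NR, $i
    }
    d == "tlsciphersuite" {
      n = split($2, tok, ":")
      for (i = 1; i <= n; i++) {
        t = tok[i]
        if (t ~ /^[!-]/) continue      # "!X" and "-X" remove ciphers
        sub(/^\+/, "", t)              # "+X" reorders X within the list
        if (t == "ALL" || t ~ /RC4|LOW|EXP|SSLv2|NULL|MD5|DES/)
          printf "%d:TLSCipherSuite:%s is a broad or weak selector\n", NR, t
      }
    }
    d == "tlsrequired" && tolower($2) == "off" {
      printf "%d:TLSRequired:off lets clients log in over plain FTP\n", NR
    }
  '
}

page_conf | audit_mod_tls
```

To check a real server, run `audit_mod_tls < /path/to/proftpd.conf` after sourcing the function.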