Ubuntu 10.10, ISPConfig 3.0.3.2. Installed following http://www.howtoforge.com/perfect-server-ubuntu-10.10-maverick-meerkat-ispconfig-3-p4 and http://download.pureftpd.org/pub/pure-ftpd/doc/README.TLS

Double-checked using http://www.howtoforge.com/how-to-configure-pureftpd-to-accept-tls-sessions-on-debian-lenny

Tried dozens of self-signed and GoDaddy certificates, but still can't log in using FTPES (explicit TLS/SSL). Usual plain FTP works fine.

Switching FTP+TLS:

Code:
root@server1:/home/user# echo 1 > /etc/pure-ftpd/conf/TLS

To illustrate the full certificate generation process:

Code:
root@server1:/home/user# /etc/init.d/pure-ftpd-mysql restart
Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -D -O clf:/var/log/pure-ftpd/transfer.log -Y 1 -u 1000 -H -E -8 UTF-8 -b -A -d -B
root@server1:/home/user# openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
Generating a 2048 bit RSA private key
..............+++
...............................................+++
writing new private key to '/etc/ssl/private/pure-ftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:LV
State or Province Name (full name) [Some-State]:LV
Locality Name (eg, city) []:LV
Organization Name (eg, company) [Internet Widgits Pty Ltd]:LV
Organizational Unit Name (eg, section) []:LV
Common Name (eg, YOUR name) []:server1.mydomain.me
Email Address []:[email protected]

Restarting pure-ftpd-mysql:

Code:
root@server1:/home/user# /etc/init.d/pure-ftpd-mysql restart
Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -D -O clf:/var/log/pure-ftpd/transfer.log -Y 1 -u 1000 -H -E -8 UTF-8 -b -A -d -B

Got a normal-looking certificate and key.

Code:
cat pure-ftpd.pem
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAuFOxcX9pBvt9qBR8rLQ0q222y3rCtnZUJNTxZxLHKxt9gfVD
30WOqf7dX4JuNbZU9WkRC9iVBV/GfH4Pddh/XpHtvUUMfI/CX7uUqJkAoCPiRPlE
......
faAs69cSo9UrkCg6+9wRWfi24tOkzqbiOqoC0yceIWxoYYErbwfpG5fJ6Ybzzsko
0MHXwckPaBirJd4gFVVOTaHLYgGVJvyQQFu+gO/NFysGcRvQKU9A0w==
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIEVzCCAz+gAwIBAgIJAPGR8PXLd+qXMA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV
.........
JATs50UFqxej5QWWDn+ozsfcYH1px8CDR1LJiBF68D6eh0KPC9HnIvqfR+4WNJFJ
Oibz9buSPbZ3CpcF2ci2PRdzC6tss0BE+g/ziNFXWObE0/pvOQB02z/Jzzf0o1/M
RPCIR87dvbpEQ/E=
-----END CERTIFICATE-----

And when I try to connect using FileZilla with the explicit TLS method as described, I get:

Code:
Status: Resolving address of server1.mydomain.at
Status: Connecting to 1.1.1.1:21...
Status: Connection established, waiting for welcome message...
Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220-You are user number 1 of 50 allowed.
Response: 220-Local time is now 15:25. Server port: 21.
Response: 220-This is a private system - No anonymous login
Response: 220-IPv6 connections are also welcome on this server.
Response: 220 You will be disconnected after 15 minutes of inactivity.
Command: AUTH TLS
Response: 234 AUTH TLS OK.
Status: Initializing TLS...
Error: GnuTLS error -73: ASN1 parser: Error in TAG.
Error: Could not connect to server
Status: Waiting to retry...
Status: Resolving address of server1.mydomain.at
Status: Connecting to 1.1.1.1:21...
Status: Connection established, waiting for welcome message...
Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220-You are user number 1 of 50 allowed.
Response: 220-Local time is now 15:25. Server port: 21.
Response: 220-This is a private system - No anonymous login
Response: 220-IPv6 connections are also welcome on this server.
Response: 220 You will be disconnected after 15 minutes of inactivity.
Command: AUTH TLS
Response: 234 AUTH TLS OK.
Status: Initializing TLS...
Error: GnuTLS error -73: ASN1 parser: Error in TAG.
Error: Could not connect to server

Debug log from server:

Code:
Jan 25 15:25:33 server1 pure-ftpd: ([email protected]) [INFO] New connection from 1.1.1.1
Jan 25 15:25:33 server1 pure-ftpd: ([email protected]) [DEBUG] Command [auth] [TLS]
Jan 25 15:25:33 server1 pure-ftpd: ([email protected]) [WARNING] Sorry, cleartext sessions are not accepted on this server.#012Please reconnect using SSL/TLS security mechanisms.

I have tried a different FTP client, SmartFTP (which also supports pureftp TLS). Its output:

Code:
[15:30:28] 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
[15:30:28] 220-You are user number 2 of 50 allowed.
[15:30:28] 220-Local time is now 15:30. Server port: 21.
[15:30:28] 220-This is a private system - No anonymous login
[15:30:28] 220-IPv6 connections are also welcome on this server.
[15:30:28] 220 You will be disconnected after 15 minutes of inactivity.
[15:30:28] AUTH TLS
[15:30:28] 234 AUTH TLS OK.
[15:30:28] SSL: Error (Error=0x80090308).
[15:30:28] The token supplied to the function is invalid
[15:30:28] Client closed the connection.
[15:30:28] Connect failed. Waiting to retry (30s)...

Maybe someone has found a solution. I am so
Have you tried to accept the default values (by just pressing ENTER) when you generated the certificate?
Is it possible for you to paste a correct working certificate here (self-tested)? I know it sounds stupid, but I just can't imagine what else I could try to test.
Did you install the pure-ftpd package from Ubuntu, or did you compile it yourself or get it from any other source?
Following the instructions from http://www.howtoforge.com/perfect-server-ubuntu-10.10-maverick-meerkat-ispconfig-3-p4:

aptitude install pure-ftpd-common pure-ftpd-mysql quota quotatool
It seems as if Ubuntu compiles pure-ftpd with the gnutls library for SSL instead of openssl. I've read on the internet that certs created with openssl sometimes cause parsing errors with gnutls. So you might want to try to create a new self-signed certificate with the cert tool that comes with gnutls instead of the openssl tool and try to use that with pure-ftpd. Here is a tutorial to create a key and certificate with gnutls: http://ubuntuforums.org/showthread.php?t=1241136
GnuTLS certificates help. But I can't find any how-to for compiling pure-ftp with the OpenSSL library, because I need to use a legitimate OpenSSL certificate from GoDaddy.
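A structural pre-check for a combined key-plus-certificate file like the /etc/ssl/private/pure-ftpd.pem discussed in this thread, as an added example that is not code from any poster or from Pure-FTPd. It only verifies that each PEM block is valid base64 wrapping a single DER SEQUENCE with a consistent length, so a file that passes can still be rejected by a TLS library; the function names and the toy DER bytes are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def der_outer_ok(der):
    """True if der is exactly one DER SEQUENCE (tag 0x30) with a matching length."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        header, length = 2, first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def check_pem_bundle(text):
    """Return a list of problems found in a combined key+certificate PEM file."""
    problems, labels = [], []
    for label, body in PEM_RE.findall(text):
        labels.append(label)
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:                # binascii.Error is a ValueError
            problems.append(f"{label}: body is not valid base64")
            continue
        if not der_outer_ok(der):
            problems.append(f"{label}: not a single well-formed DER SEQUENCE")
    if not any(name.endswith("PRIVATE KEY") for name in labels):
        problems.append("no private key block")
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block")
    return problems

def _pem(label, der):
    """Wrap DER bytes in PEM armour (helper for the constructed samples)."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed sample data: SEQUENCE { INTEGER 0 }, not a real key or certificate.
TOY = bytes([0x30, 0x03, 0x02, 0x01, 0x00])
GOOD = _pem("RSA PRIVATE KEY", TOY) + _pem("CERTIFICATE", TOY)
TRUNCATED = _pem("RSA PRIVATE KEY", TOY) + _pem("CERTIFICATE", TOY[:-1])

if __name__ == "__main__":
    print(check_pem_bundle(GOOD))
    print(check_pem_bundle(TRUNCATED))
```

To check a real file, pass its contents to `check_pem_bundle()` and treat an empty list as "framing is intact", not as proof that the server's TLS library will accept it.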