1. Download the latest version from the ProFTPD website (1.2.10 at the time of writing)

2. Extract the archive and install...
# tar zxvf proftpd-1.2.10.tar.gz
# cd proftpd-1.2.10


My requirement is to support MySQL & SSL (TLS)



# ./configure --with-modules=mod_tls:mod_sql:mod_sql_mysql \
    --with-includes=/usr/local/include \
    --with-libraries=/usr/local/lib/mysql
# make
# make install



3. Next, create the certificates



# mkdir /etc/ssl/certs
# mkdir /etc/ssl/private
# chmod og-rwx /etc/ssl/private
# mkdir /etc/ssl/crl
# mkdir /etc/ssl/newcerts


Edit /etc/ssl/openssl.cnf
Change dir = ./demoCA to dir = /etc/ssl


Create the top-level certificate authority (Root CA)

Private Key ( Public Key )

# openssl genrsa -des3 -out /etc/ssl/private/myrootca.key 2048
# chmod og-rwx /etc/ssl/private/myrootca.key



Fill in the certificate request (then simply answer the prompts)

# openssl req -new -key /etc/ssl/private/myrootca.key -out /tmp/myrootca.req




Sign the certificate

# openssl x509 -req -days 7305 -sha1 -extfile /etc/ssl/openssl.cnf \
    -extensions v3_ca -signkey /etc/ssl/private/myrootca.key \
    -in /tmp/myrootca.req -out /etc/ssl/certs/myrootca.crt



# rm -f /tmp/myrootca.req

Create the server certificate


Private Key ( Public Key )

# openssl genrsa -out /etc/ssl/private/myhost.key 2048
# chmod og-rwx /etc/ssl/private/myhost.key


Fill in the certificate request
# openssl req -new -key /etc/ssl/private/myhost.key -out /tmp/myhost.req



Sign the certificate with the Root CA

# openssl x509 -req -days 3650 -sha1 -extfile /etc/ssl/openssl.cnf \
    -extensions v3_req -CA /etc/ssl/certs/myrootca.crt \
    -CAkey /etc/ssl/private/myrootca.key \
    -CAserial /etc/ssl/myrootca.srl -CAcreateserial \
    -in /tmp/myhost.req -out /etc/ssl/certs/myhost.crt




# rm -f /tmp/myhost.req

Reference: http://std1.mis.yzu.edu.tw/~s882617/FNP/proftpd_tls.htm

4. Next, configure /usr/local/etc/proftpd.conf; the main change is to append the following TLS settings at the end


<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/tls.log
TLSProtocol SSLv23
TLSOptions NoCertRequest
TLSRequired On
TLSRSACertificateFile /etc/ssl/certs/myhost.crt
TLSRSACertificateKeyFile /etc/ssl/private/myhost.key
TLSCACertificateFile /etc/ssl/certs/myrootca.crt
TLSVerifyClient On
</IfModule>
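
Before restarting ProFTPD, the files named in the TLS block can be checked against what step 3 was meant to produce: a private key closed to group and others, a server certificate that matches that key and verifies against the Root CA, and a root certificate marked as a CA. The script below is an added example, not part of the original post; the names conf_value and check_proftpd_tls are invented for it, and it assumes the openssl command-line tool is installed and that the server key has no passphrase (as generated above).

```sh
#!/bin/sh
# Added example, not from the original post. Needs the openssl CLI.
# conf_value and check_proftpd_tls are names invented for this sketch.

# Print the first argument of directive $2 in config file $1.
conf_value() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Return 0 only if the certificate files named in proftpd.conf ($1) are sane.
check_proftpd_tls() {
    rc=0
    crt=$(conf_value "$1" TLSRSACertificateFile)
    key=$(conf_value "$1" TLSRSACertificateKeyFile)
    ca=$(conf_value "$1" TLSCACertificateFile)
    for f in "$crt" "$key" "$ca"; do
        [ -r "$f" ] || { echo "FAIL: cannot read '$f'"; return 1; }
    done

    # The private key must be closed to group and others (chmod og-rwx).
    perms=$(ls -lL "$key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "FAIL: $key mode allows group/other"; rc=1; }

    # The certificate must carry the public half of that private key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null </dev/null)
    { [ -n "$key_pub" ] && [ "$crt_pub" = "$key_pub" ]; } ||
        { echo "FAIL: $crt does not match $key"; rc=1; }

    # The server certificate must verify against the root CA certificate.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
        { echo "FAIL: $crt does not verify against $ca"; rc=1; }

    # The root certificate must be marked as a CA (v3_ca extensions).
    openssl x509 -in "$ca" -noout -text 2>/dev/null | grep -q 'CA:TRUE' ||
        { echo "FAIL: $ca lacks basicConstraints CA:TRUE"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $crt, $key and $ca are consistent"
    return "$rc"
}

# Usage: sh check_tls.sh /usr/local/etc/proftpd.conf
if [ "$#" -gt 0 ]; then check_proftpd_tls "$1"; fi
```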

Posted by Bojack on PIXNET