從有為青年變成有為中年男子的生活札記

1. 上proftpd的網站下載最新的版本（撰寫時的版本為1.2.10） 2. 解開檔案並安裝...

# tar zxvf proftpd-1.2.10.tar.gz # cd proftpd-1.2.10

我的需求是要支援MySQL & SSL ( TLS )

# ./configure --with-modules=mod_tls \ ? --with-modules=mod_sql:mod_sql_mysql \ ? --with-includes=/usr/local/include \ ? --with-libraries=/usr/local/lib/mysql # make # make install

3. 接下來製作憑證

# mkdir /etc/ssl/certs # mkdir /etc/ssl/private # chmod og-rwx /etc/ssl/private # mkdir /etc/ssl/crl # mkdir /etc/ssl/newcerts

修改 /etc/ssl/openssl.cnf 把 dir = ./demoCA 改成 dir = /etc/ssl 製作最高層認證中心 (Root CA) Private Key ( Public Key )

# openssl genrsa -des3 -out /etc/ssl/private/myrootca.key 2048 # chmod og-rwx /etc/ssl/private/myrootca.key

填寫憑證申請書 (然後按照問題回答即可)

# openssl req -new -key /etc/ssl/private/myrootca.key -out /tmp/myrootca.req

簽發憑證

# openssl x509 -req -days 7305 -sha1 -extfile /etc/ssl/openssl.cnf -extensions v3_ca -signkey /etc/ssl/private/myrootca.key -in /tmp/myrootca.req -out /etc/ssl/certs/myrootca.crt

# rm -f /tmp/myrootca.req 製作伺服器用的憑證 Private Key ( Public Key )

# openssl genrsa -out /etc/ssl/private/myhost.key 2048 # chmod og-rwx /etc/ssl/private/myhost.key

填寫憑證申請書

# openssl req -new -key /etc/ssl/private/myhost.key -out /tmp/myhost.req

用最高層認證中心簽發憑證

# openssl x509 -req -days 3650 -sha1 -extfile /etc/ssl/openssl.cnf -extensions v3_req -CA /etc/ssl/certs/myrootca.crt -CAkey /etc/ssl/private/myrootca.key -CAserial /etc/ssl/myrootca.srl -CAcreateserial -in /tmp/myhost.req -out /etc/ssl/certs/myhost.crt

# rm -f /tmp/myhost.req 參考自這個網址：http://std1.mis.yzu.edu.tw/~s882617/FNP/proftpd_tls.htm 4. 接下來設定/usr/local/etc/proftpd.conf，主要是在最後加上以下有關TLS的設定

< IfModule mod_tls.c > TLSEngine on TLSLog /var/log/tls.log TLSProtocol SSLv23 TLSOptions NoCertRequest TLSRequired On TLSRSACertificateFile /etc/ssl/certs/myhost.crt TLSRSACertificateKeyFile /etc/ssl/private/myhost.key TLSCACertificateFile /etc/ssl/certs/myrootca.crt TLSVerifyClient On < /IfModule>