COMMAND DUMP – upgrading a standard proftpd install to TLS

upgrade a basic proftpd install to support FTPS with these commands

cd /etc/proftpd
mkdir -p ssl
openssl req -new -x509 -days 365 -nodes -out /etc/proftpd/ssl/proftpd.cert.pem -keyout /etc/proftpd/ssl/proftpd.key.pem
chmod 600 ssl/proftpd.*

Follow the prompts to put in your valid organization name

Then open the conf file #vi proftpd.conf and add the following (if the <IfModule mod_tls.c> directive already exist,  replace the contents with the contenst below)

<IfModule mod_tls.c>

TLSEngine on
TLSLog /var/log/proftpd/tls.log
#TLSProtocol TLSv1.2
TLSCipherSuite AES128+EECDH:AES128+EDH
TLSOptions NoCertRequest AllowClientRenegotiations
TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem
TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem
TLSVerifyClient off
TLSRequired on
RequireValidShell no

Restart proftpd

/etc/init.d/proftpd stop
/etc/init.d/proftpd start

Your can test this by running the following command to make sure that you can connect using the certificate

openssl s_client -connect -starttls ftp