Vsftpd with SSL

Introduction:
A few days back one of my customers asked for more security on their data transfers via FTP. I have heard of encryption, SSL and all. I know how to build the CA and create the certificates but don’t know how to integrate it with vsftpd, or alternatively I can say that I did not get such a requirement. vsftpd with SSL is pretty straightforward and very easy to configure: just create a self-signed certificate like I did, if you cannot buy a trusted certificate from a registered CA. The procedure to configure vsftpd with SSL support is given below:

vsftpd is the default FTP server supplied with CentOS. It should be installed by default (?). If it isn’t, you may install it using yum (if you’ve installed yum):
Install vsftpd:

[root@Gladiator]# yum install vsftpd

Generate a Certificate:
You use OpenSSL to generate a certificate for vsftpd. The certificate is stored on your server, in a location of your choice. Here I choose to put it in the /etc/vsftpd directory. You also specify a ‘lifetime’ for the certificate; here it’s set to a year (“-days 365”). The command asks for a 1024-bit RSA key, which is short by current standards; a 2048-bit or longer key is the usual choice today.
Note that the backslashes only signify line continuations. You should be able to copy/paste and run the command as it is, or remove the backslashes and the line breaks. You may need to create this directory first (mkdir /etc/vsftpd).

[root@Gladiator]# openssl req -x509 -nodes -days 365 -newkey rsa:1024 \
 -keyout /etc/vsftpd/vsftpd.pem \
 -out /etc/vsftpd/vsftpd.pem

You will be prompted with a series of questions, which you answer as they appear. When done, the certificate and its private key will be written to the same file, /etc/vsftpd/vsftpd.pem, because -keyout and -out point to the same path.

Configure vsftpd:
To configure vsftpd, edit the file /etc/vsftpd/vsftpd.conf and add the following lines:

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem

Restart vsftpd for these settings to take effect:

[root@Gladiator]# /etc/rc.d/init.d/vsftpd restart

NOTE: If you set “force_local_logins_ssl=YES” then your clients will be required to use an FTP client that supports AUTH TLS/SSL in order to connect. If you leave it at “NO” then people can connect securely or insecurely.
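
An added example (not part of the original post or of vsftpd): a small shell audit of the TLS directives configured above, run against a constructed copy of this page's configuration. The helper names and the baseline are assumptions of this example; the baseline differs from the page only in expecting force_local_data_ssl=YES, because with NO clients are not required to encrypt the data connections that carry file contents and listings.

```bash
#!/usr/bin/env bash
# Added example: conf_value and audit_vsftpd_tls are hypothetical helpers,
# not part of vsftpd. Assumption: if a directive appears more than once,
# the last assignment is the one in effect.

# Print the last explicit value of directive $2 in file $1 (empty if unset).
# Commented-out lines never match because their first field starts with '#'.
conf_value() {
    awk -F= -v key="$2" '
        $1 == key { val = substr($0, length(key) + 2) }
        END { print val }' "$1"
}

# Print one finding per line; return 0 if clean, 1 if anything was flagged.
audit_vsftpd_tls() {
    findings=0
    # Baseline: the page's values, except force_local_data_ssl, which is
    # required to be YES so data connections are encrypted as well.
    for pair in ssl_enable=YES allow_anon_ssl=NO force_local_logins_ssl=YES \
                force_local_data_ssl=YES ssl_sslv2=NO ssl_sslv3=NO; do
        directive="${pair%%=*}"; want="${pair#*=}"
        got="$(conf_value "$1" "$directive")"
        if [ -z "$got" ]; then
            echo "UNSET $directive (expected $want)"; findings=1
        elif [ "$got" != "$want" ]; then
            echo "WEAK $directive=$got (expected $want)"; findings=1
        fi
    done
    [ -n "$(conf_value "$1" rsa_cert_file)" ] ||
        { echo "UNSET rsa_cert_file"; findings=1; }
    return "$findings"
}

# Constructed sample input: the directives exactly as listed on this page.
sample="$(mktemp)"
cat > "$sample" <<'EOF'
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
EOF
audit_vsftpd_tls "$sample" || true
rm -f "$sample"
```

To audit a live server, call audit_vsftpd_tls /etc/vsftpd/vsftpd.conf; a non-zero exit status means at least one directive was flagged.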
