requesting the certificate:
Creating the CSR (Certificate Signing Request):
# openssl req -new -days 365 -keyout vsftp.key -out vsftp.crt<<BR>>
now we export the private key from the key-file to let vsftpd start without prompt for a password.
# openssl rsa -in vsftp.key -out vsftp_out.key<<BR>>
on this point, visit the CAcert.org page and start adding a server certificat
paste the content of vsftp.crt in the field below
"Fügen Sie Ihre Zertifikat-Anfrage (CSR) in folgendes Formularfeld ein:"
You should receive within a few minutes your signed certificate via email.
overwrite the content of vsftp.crt file with the certificate you should reveived from CACert.
at last, we have to connect our key with the certificate.
# cat vsftp.crt vsftp_out.key > /etc/ssl/certs/vsftp.pem<<BR>>
setup vsftpd for ssl usage
these are the required lines for your vsftpd.conf
ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=NO force_local_logins_ssl=NO ssl_tlsv1=YES ssl_sslv2=YES ssl_sslv3=YES rsa_cert_file=/etc/ssl/certs/vsftp.pem