== requesting the certificate: ==

Creating the CSR (Certificate Signing Request):<<BR>>
{{{
# openssl req -new -days 365 -keyout vsftp.key -out vsftp.crt<<BR>>
}}}
now we export the private key from the key-file to let vsftpd start without prompt for a password.<<BR>>
{{{
# openssl rsa -in vsftp.key -out vsftp_out.key<<BR>>
}}}
on this point, visit the CAcert.org page and start adding a server certificat<<BR>> 

paste the content of vsftp.crt in the field below<<BR>> 
"Fügen Sie Ihre Zertifikat-Anfrage (CSR) in folgendes Formularfeld ein:"<<BR>>

You should receive within a few minutes your signed certificate via email.<<BR>> 

overwrite the content of vsftp.crt file with the certificate you should reveived from CACert.<<BR>>

at last, we have to connect our key with the certificate.<<BR>> 
{{{
# cat vsftp.crt vsftp_out.key > /etc/ssl/certs/vsftp.pem<<BR>>
}}}

== setup vsftpd for ssl usage ==

these are the required lines for your vsftpd.conf<<BR>> 
{{{
ssl_enable=YES

allow_anon_ssl=NO

force_local_data_ssl=NO

force_local_logins_ssl=NO

ssl_tlsv1=YES

ssl_sslv2=YES

ssl_sslv3=YES

rsa_cert_file=/etc/ssl/certs/vsftp.pem
}}}