How to set up FTPS in CentOS 7
Introduction:
FTPS (also known as FTPES, FTP-SSL) is an extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols. FTP is by nature an insecure protocol: credentials and data cross the network in cleartext. Add TLS support to prevent your sessions from being vulnerable to man-in-the-middle attacks.
1. Configure pure-ftpd
# vi /etc/pure-ftpd.conf
Set TLS to 0 to disable TLS (plain FTP only);
Set TLS to 1 to allow both plain FTP and TLS sessions (cleartext logins remain possible);
Set TLS to 2 to accept TLS sessions only (no plain FTP).
Uncomment the two lines below:
Save the altered configuration file.
2. Create the SSL certificate for TLS
2.1 Create the required directory to save the SSL certificate
# mkdir -p /etc/ssl/private/
2.2 Generate the SSL certificate as follows:
# openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
Country Name (2 letter code) [XX]: <-- Enter your Country Name (e.g., “DE”).
State or Province Name (full name) []: <-- Enter your State or Province Name.
Locality Name (eg, city) [Default City]: <-- Enter your City.
Organization Name (eg, company) [Default Company Ltd]: <-- Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []: <-- Enter your Organizational Unit Name (e.g. “IT Department”).
Common Name (eg, your name or your server’s hostname) []: <-- Enter the Fully Qualified Domain Name of the system (e.g. “server1.example.com”).
Email Address []: <-- Enter your Email Address.
2.3 Secure the certificate
# chmod 600 /etc/ssl/private/pure-ftpd.pem
2.4 Restart PureFTPd:
# systemctl restart pure-ftpd.service
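An added example (not part of the original guide): a shell check for the two things the steps above change, the TLS level in the configuration file and the permissions on the certificate file. The function names and sample files are constructed for illustration; the default paths are the ones used in this guide, and treating a missing TLS line as level 0 assumes pure-ftpd's default of TLS disabled.

```shell
#!/bin/sh
# Added example: audit the TLS level and certificate permissions set in this guide.
# Function names are illustrative; default paths are the ones the guide uses.

# Effective TLS level: value of the last uncommented "TLS" line, or 0 when
# none is set (assumption: pure-ftpd runs without TLS unless told otherwise).
tls_level() {
    awk '$1 == "TLS" { v = $2 } END { print (v == "" ? 0 : v) }' "$1"
}

# Succeed only if the file exists and grants nothing to group or other.
pem_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print one finding per line; return non-zero if anything needs fixing.
audit_ftps() {
    conf=${1:-/etc/pure-ftpd.conf}
    pem=${2:-/etc/ssl/private/pure-ftpd.pem}
    rc=0
    case "$(tls_level "$conf")" in
        2) echo "OK   TLS 2: cleartext FTP refused" ;;
        1) echo "WARN TLS 1: cleartext FTP still accepted"; rc=1 ;;
        0) echo "FAIL TLS 0: TLS disabled"; rc=1 ;;
        *) echo "FAIL TLS value not recognised"; rc=1 ;;
    esac
    if pem_is_private "$pem"; then
        echo "OK   $pem not accessible to group/other"
    else
        echo "FAIL $pem missing or accessible beyond its owner"; rc=1
    fi
    return $rc
}

# Constructed sample input so the check can be tried away from the server:
# a config with TLS 0 commented out and TLS 1 active, and a world-readable pem.
demo=$(mktemp -d)
printf '# TLS 0\nTLS                      1\n' > "$demo/pure-ftpd.conf"
: > "$demo/pure-ftpd.pem"; chmod 644 "$demo/pure-ftpd.pem"
audit_ftps "$demo/pure-ftpd.conf" "$demo/pure-ftpd.pem" || true
rm -rf "$demo"
```

On the server itself, call audit_ftps with no arguments as root after step 2.4 to check the live files.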