key rollover: proftpd
Proftpd
=======
The Debian packaging doesn't include key generation, so the following
steps should only be nessecary if SSL keys have been created externally.
An upcoming proftpd upload to unstable will include a tls.conf template
with the commment below.
Note that the self-signed certificate generation is bit
different from that suggested on the general openssl section, in order
to avoid using of an explicit password at daemon startup.
You can (re-)generate a self-signed certificate using a command like:
openssl req -x509 -newkey rsa:1024 \
-keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \
-nodes -days 365
Both file must be readable by root only. The file paths can be checked/configured
through the following configuration directives:
TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
TLSCACertificateFile /etc/ssl/certs/CA.pem
TLSOptions NoCertRequest
Reply to: