I'm in the process of setting up FTP access over SSL on CentOS using VSFTPD and I'm having some issues.
I'm using Apache with several virtual servers, one for each domain.
Following some guides I've found on the internet, I managed to set up this config file, which I'm using together with the openssl command to generate both the cert and the key:
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
default_bits = 2048
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = ES
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = My Province
localityName = Locality Name (eg, city)
localityName_default = My City
0.organizationName = Organization Name (eg, company)
0.organizationName_default = My Company Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = WebServices
commonName = Common Name (eg, YOUR name)
commonName_default = My Company Ltd
commonName_max = 64
[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = myserver.com
DNS.2 = ftp.myserver.com
DNS.3 = mail.myserver.com
DNS.4 = julian.net
DNS.5 = ftp.julian.net
DNS.6 = mail.julian.net
DNS.7 = smith.org
DNS.8 = ftp.smith.org
DNS.9 = mail.smith.org
IP.1 = 111.112.113.114
I generate the cert and key using the following command:
openssl req -x509 -new -nodes -out certfile.crt -config certificate.conf -keyout keyfile.key -days 365 -newkey rsa:2048
After resetting the vsftpd service, I connect to the server using FileZilla and it complains with the message:
"ftp.myserver.com:21 - Host name does not match certificate"
If I set the Common Name to "myserver.com", the problem is gone, but then the same problem appears with a different domain hosted on the server.
I suspect that I'm using the wrong approach and I should create a different cert for each domain, but then, honestly, I don't know how to set up vsftpd.conf to point to a different cert depending on the domain name.
Or maybe, do I have to store all certs for all the domains in a single file?
As you can see I'm pretty new to this, so I would really appreciate any help.
openssl x509 -in cert.pem -text
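
Added example, not part of the original post: a way to check which names a certificate generated with the post's command actually carries, and whether openssl's own host check accepts them. It assumes that `openssl req -x509` takes certificate extensions from `x509_extensions` (or `-extensions`) while `req_extensions` applies to certificate requests; the trimmed config, file names and function names are constructed for the demonstration.

```shell
# Added example, not from the original post. Hostnames come from the post;
# the trimmed config, file names and function names are constructed here.
# write_conf FILE KEY: KEY (req_extensions or x509_extensions) points at [v3_req]
write_conf() {
cat > "$1" <<EOF
[req]
distinguished_name = dn
prompt = no
$2 = v3_req
[dn]
CN = My Company Ltd
[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = myserver.com
DNS.2 = ftp.myserver.com
DNS.3 = ftp.julian.net
EOF
}

# make_cert KEY DIR: self-signed cert with the same flags as the post's command
make_cert() {
    write_conf "$2/$1.conf" "$1" &&
    openssl req -x509 -new -nodes -newkey rsa:2048 -days 365 \
        -config "$2/$1.conf" -keyout "$2/$1.key" -out "$2/$1.crt" 2>/dev/null
}

# san_of CERT: print the SAN dNSName line, empty when the extension is absent
san_of() { openssl x509 -in "$1" -noout -text | grep 'DNS:'; }

# host_matches CERT HOST: succeed only if openssl's own name check accepts HOST
host_matches() { openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 | grep -q 'does match certificate'; }

# demo: build one cert per config key and report SANs and host checks
demo() {
    d=$(mktemp -d) || return 1
    for key in req_extensions x509_extensions; do
        make_cert "$key" "$d" || return 1
        echo "$key: SAN=[$(san_of "$d/$key.crt")]"
        for h in ftp.myserver.com ftp.julian.net; do
            host_matches "$d/$key.crt" "$h" && echo "  $h: match" || echo "  $h: NO match"
        done
    done
    rm -rf "$d"
}
if command -v openssl >/dev/null 2>&1; then demo; fi
```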