# [Pure-ftpd] weird! TLS problem

## ryceck

Hey ppl,

I just installed pure-ftpd and configged it (like so many times before) and everything is working.

Then I found the miracle called TLS and wanted to try that.

Created an cetr-file in /etc/ssl/private with help of the TLS-readme, but it doesnt work :/

I get this:

```

[R] Connecting to servername.com-> IP=xxx.xxx.xxx.xxx PORT=21

[R] Connected to servername.com

[R] 421 Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]

[R] Connection failed

[R] Delaying for 120 seconds before reconnect attempt #1

```

My serversided logs tell me this:

```

Mar 10 21:50:49 [pure-ftpd] connect from xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)

Mar 10 21:50:49 [pure-ftpd] (?@?) [ERROR] Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]

```

And here comes the best part:

```

metal / $> cat /etc/ssl/private/pure-ftpd.pem

-----BEGIN RSA PRIVATE KEY-----

<<LOTS-OF-ENCYPTED-DATA>>

-----END RSA PRIVATE KEY-----

metal / $> l /etc/ssl/private/pure-ftpd.pem

-rw-r--r--  1 root root 887 Mar 10 21:21 /etc/ssl/private/pure-ftpd.pem

```

WTF is this  :Neutral:  Does pure-ftpd run a chroot without telling me?

Copying the directory to other locations (/etc /etc/pure-ftpd /etc/pureftpd) didnt work at all so my options are through  :Sad: 

----------

## ryceck

After filing a bug @ pureftpd.sf.net and not getting any replies so far i am wondering if there is truly nobody that knows a solution for this..?

----------

## toralf

My file is bigger:

```

nhh221 ~ # ls -l /etc/ssl/private/pure-ftpd.pem

-rw-r--r--  1 root root 2286 Feb 23 15:24 /etc/ssl/private/pure-ftpd.pem

```

The content is:

```

nhh221 ~ # cat /etc/ssl/private/pure-ftpd.pem

-----BEGIN RSA PRIVATE KEY-----

...

-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----

...

-----END CERTIFICATE-----

```

----------

## ryceck

 *toralf wrote:*   

> My file is bigger:
> 
> ```
> 
> nhh221 ~ # ls -l /etc/ssl/private/pure-ftpd.pem
> ...

 

How did u create that file?

I used this straight from the manual:

```
openssl req -x509 -nodes -newkey rsa:1024 -keyout  /etc/ssl/private/pure-ftpd.pem   -out /etc/ssl/private/pure-ftpd.pem
```

And it created the file that resides in that directory.

And my content is:

-----BEGIN RSA PRIVATE KEY-----

---

-----END RSA PRIVATE KEY-----

I appear to be missing the certificate info...  :Question: 

Gonna try again 2night when i get acces to the server it resides on and will check back here to inform if it succeeds  :Smile: 

----------

## toralf

I made:

```

tfoerste@nhh221 ~ $ openssl req -x509 -nodes -newkey rsa:1024 -keyout ./pure-ftpd.pem   -out ./pure-ftpd.pem

Generating a 1024 bit RSA private key

.......................++++++

......++++++

writing new private key to './pure-ftpd.pem'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:xx

State or Province Name (full name) [Some-State]:xxx

Locality Name (eg, city) xxx

Organization Name (eg, company) [Internet Widgits Pty xxx

Organizational Unit Name (eg, section) xxx

Common Name (eg, YOUR name) []:xxx

Email Address []:xxx

```

 and got:

```

tfoerste@nhh221 ~ $ wc pure-ftpd.pem

  36   44 2176 pure-ftpd.pem

tfoerste@nhh221 ~ $ grep -e BEGIN -e END pure-ftpd.pem

-----BEGIN RSA PRIVATE KEY-----

-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

```

Do not forget to specify all informations for 'xx', without that no certificate will be created.

----------

