# Unable to activate TLS in Pure-FTPD

## tabanus

I'm having difficulty setting up TLS in pure-ftpd.

I followed the instructions at: http://download.pureftpd.org/pub/pure-ftpd/doc/README.TLS

I created the SSL key at /etc/ssl/private/pure-ftpd.pem using this command:

```
openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
```

Changed the permissions: 

```
chmod 600 /etc/ssl/private/*.pem
```

My /etc/conf.d/pure-ftpd file (comments stripped out):

```
# Config file for /etc/init.d/pure-ftpd

IS_CONFIGURED="yes"

SERVER="-S 21"

MAX_CONN="-c 30"

MAX_CONN_IP="-C 10"

DAEMON="-B"

DISK_FULL="-k 90%"

AUTH="-l puredb:/etc/pureftpd.pdb"

MISC_OTHER="-A -X -j -R -Z -M -H -Y 1"

```

I'm testing this over localhost using konqueror.

I can access ftp://localhost/ just fine. However, sftp://localhost/ gives this error:

```
Details of the Request:

URL: sftp://localhost/

Protocol: sftp

Date and Time: Friday 19 Sep 2014 18:47

Additional Information: Connection refused

Description:

Connection refused
```

If I change: SERVER="-S 21" to SERVER="-S 22" then try to access sftp://localhost/ I get this error:

```
Details of the Request:

URL: sftp://localhost/

Protocol: sftp

Date and Time: Friday 19 Sep 2014 18:49

Additional Information: Protocol mismatch: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------

Description:

Protocol mismatch: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
```

Not sure if it's something to do with the permissions I have on /etc/ssl/private (where the key resides):

```
# ls -l /etc/ssl
total 40
drwxr-xr-x 2 root root 20480 Aug 25 18:47 certs
drwxr-xr-x 2 root root  4096 Aug 25 18:47 misc
-rw-r--r-- 1 root root 10835 Aug 25 18:46 openssl.cnf
drwx------ 2 root root  4096 Sep 18 23:25 private
```

Thanks

----------

## Hu

SFTP and FTP-over-TLS are different things.  SFTP is an FTP-like protocol that runs inside an ssh tunnel.  FTP-over-TLS is an SSL-encrypted connection to a traditional ftpd.  They provide similar functionality, but you cannot use a client speaking SFTP to talk to a server speaking FTP-over-TLS.

----------

## tabanus

OK, didn't know that.  How do I verify that TLS is active?

----------

## Hu

Use an ftp client that supports TLS and monitor the network traffic to confirm that you see an SSL handshake.  I prefer sftp over ftps, so I cannot provide more specific advice.

----------

## tabanus

OK, it seems I have to connect via ftpes://localhost (at least using FileZilla)

Thanks

----------
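The check discussed in this thread, as an added example that is not part of any post: it tells an SSH greeting (what an SFTP client expects) from an FTP greeting (the "Protocol mismatch: 220-..." case above), then asks the FTP server for explicit TLS with `AUTH TLS` and completes the handshake. The function names, the default host and port, and all sample lines except the quoted Pure-FTPd greeting are assumptions.

```python
import io
import socket
import ssl

def classify_banner(first_line: bytes) -> str:
    """Name the service from its greeting: SFTP lives behind an SSH banner."""
    if first_line.startswith(b"SSH-"):
        return "ssh"
    if first_line[:3].isdigit() and first_line[3:4] in (b" ", b"-"):
        return "ftp"
    return "unknown"

def read_reply(f):
    """Read one FTP reply; multi-line replies run from 'NNN-' to 'NNN '."""
    lines = [f.readline().decode("latin-1").rstrip("\r\n")]
    code = lines[0][:3]
    if not code.isdigit():
        raise ValueError("not an FTP reply: %r" % lines[0])
    while not lines[-1].startswith(code + " "):
        raw = f.readline()
        if not raw:
            raise ConnectionError("connection closed mid-reply")
        lines.append(raw.decode("latin-1").rstrip("\r\n"))
    return int(code), lines

def probe_explicit_tls(host="localhost", port=21, timeout=5.0):
    """Send AUTH TLS on the plain FTP port and finish the handshake."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("rb")
        read_reply(f)                      # 220 greeting
        sock.sendall(b"AUTH TLS\r\n")
        code, _ = read_reply(f)
        if code != 234:                    # 234 = server accepts TLS
            return {"tls": False, "reply": code}
        ctx = ssl.create_default_context()
        # Diagnostic only: the certificate in the post is self-signed, so
        # this confirms TLS is negotiated, not who the server is.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        with ctx.wrap_socket(sock) as tls:
            return {"tls": True, "version": tls.version(),
                    "cipher": tls.cipher()[0]}

# Constructed sample: the first line is the greeting quoted in the thread,
# the other two lines are made up to show the multi-line form.
SAMPLE = (b"220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------\r\n"
          b"220-You are user number 1 of 30 allowed.\r\n"
          b"220 Ready.\r\n")

if __name__ == "__main__":
    print(classify_banner(SAMPLE), read_reply(io.BytesIO(SAMPLE))[0])
```

Calling `probe_explicit_tls()` needs a running server; a result with `"tls": True` means the control connection was upgraded on port 21, which is what an `ftpes://` client does.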

