Setup VSFTPD on Ubuntu 16.04 LTS Server with SSL/TLS Certificates

FTP is still one of the easiest ways to upload and download files from remote servers… However, when using FTP, it’s better to add some encryptions by using SSL/TLS protocols…

This post shows students and new users how to install and configure VSFTPD to use SSL/TLS certificates on Ubuntu 16.04 LTS server with encryption enabled..

The reasons you may want SSL/TLS enabled on FTP is that FTP communicates over insecure channel… and someone with the right tool could intercept data between the server and client read it. With SSL/TLS, even if the data is intercepted, they may still be unable to read the content, and that’s because of the extra security.

For this post, we’re going to be using a self-signed certificate… If you can afford public cert, then more power to you..

Step 1: Install VSFTPD on Ubuntu 16.04 LTS

To install VSFTPD on Ubuntu, run the commands below…

sudo apt update 
sudo apt-get install vsftpd

After installing VSFTPD, the commands below can be used to stop, start and enable the server service to always start up when the server boots…

sudo systemctl stop vsftpd.service
sudo systemctl start vsftpd.service
sudo systemctl enable vsftpd.service

Step 2: Create a Self-signed SSL/TLS certificate

Now that VSFTPD is installed, run the commands below to generate a self-signed SSL/TLS certificate for the server… the commands create a server key called vsftpdserverkey.pem and store it in /etc/ssl/private and a certificate file called vsftpdcertificate.pem in the /etc/ssl/certs

sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/private/vsftpdserverkey.pem -out /etc/ssl/certs/vsftpdcertificate.pem -days 365

After running the commands above, you’ll be prompted to answer few questions about the certificate you’re generating… answer them and complete the process.

Generating a 2048 bit RSA private key
writing new private key to '/etc/ssl/private/vsftpdserverkey.pem'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:Brooklyn
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Website for Students
Organizational Unit Name (eg, section) []:SSL Unit
Common Name (e.g. server FQDN or YOUR name) []
Email Address []

VSFTP server will use the key and certificate created above…

Step 3: Configuring VSFTPD to use SSL/TLS

Now that you’ve generated the server private key and certificate files, go and configure VSFTPD to use the SSL/TLS certificate created above… To do that, run the commands below to open VSFTPD default configuration file.

sudo nano /etc/vsftpd.conf

Then make the highlighted changes below so that the server can could communicate over SSL/TLS.

# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.

Save your changes and restart the server.

Step 3: Restart VSFTPD Server

After adding the highlighted lines to the file, save it. Then run the commands below to restart VSFTPD server.

sudo systemctl restart vsftpd

Now grab your favorite FTP client (FileZilla) and setup a new site in your site manage and use FTP protocol with encryption with explicit FTP over TLS… Type your username and password and connect.

vsftpd ssl connection

You should be prompted with a certificate… accept the certificate and continue. You may check the box at the bottom of the page to trusted the certificate so you don’t get prompted in the future…

vsftpd ubuntu ssl

You should now be transferring files securely via SSL/TLS.

vsftpd ubuntu ssl


You may also like the post below:

One Reply to “Setup VSFTPD on Ubuntu 16.04 LTS Server with SSL/TLS Certificates”

  1. Hi i tried above steps but i received below error, kindly advise.

    vsftpd.service – vsftpd FTP server
    Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled; vendor preset: enabled)
    Active: failed (Result: exit-code) since Tue 2018-10-16 09:39:05 UTC; 1min 38s ago
    Process: 1055 ExecStart=/usr/sbin/vsftpd /etc/vsftpd.conf (code=exited, status=2)
    Process: 1052 ExecStartPre=/bin/mkdir -p /var/run/vsftpd/empty (code=exited, status=0/SUCCESS)
    Main PID: 1055 (code=exited, status=2)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.