vsftpd: No available certificate or key corresponds to the SSL cipher suites which are enabled?

Posted by Arcturus on Super User
Published on 2010-04-03T12:54:17Z Indexed on 2010/04/03 13:03 UTC

Hello.

I'm trying to set up vsftpd on Fedora 12. I need to require use of FTPS, and for now need to use a self-signed SSL certificate.

I managed to get the vsftpd service running and to connect as my user. I can list the home directory, but as soon as I try to list another directory, download or upload a file, I get this error:

No available certificate or key corresponds to
the SSL cipher suites which are enabled.

And the xfer log is empty.

I've been Googling it for a while now, but still can't understand the problem.

Here's how I installed vsftpd:

su
yum install vsftpd
chkconfig vsftpd on
service vsftpd start

I tried to generate the certificate in two ways. Here's the first one:

cd /etc/vsftpd
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout vsftpd.pem -out vsftpd.pem

Here's the second way:

cd /etc/pki/tls/certs
make vsftpd.pem

Here's my vsftpd configuration:

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
nopriv_user=ftpsecure
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

# SSL settings
ssl_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem
allow_anon_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

Does anyone know what the problem is and how to solve it?
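
A static check of the key material that the configuration above points at, as an added example that is not part of the original post. It reads rsa_cert_file (and rsa_private_key_file, if set) from a vsftpd.conf and confirms the referenced PEM holds both a certificate and a private key, which matters here because the first openssl command writes to /etc/vsftpd while the configuration names /etc/pki/tls/certs. The function names and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): static check of vsftpd TLS key material.

# conf_get FILE KEY -> last value assigned to KEY (vsftpd.conf is strict key=value).
conf_get() {
    awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
                   END { print v }' "$1"
}

# check_vsftpd_tls FILE -> prints findings; returns 0 only if cert and key are both found.
check_vsftpd_tls() {
    local conf=$1 cert key rc=0
    cert=$(conf_get "$conf" rsa_cert_file)
    key=$(conf_get "$conf" rsa_private_key_file)
    if [ -z "$cert" ]; then
        echo "FAIL rsa_cert_file is not set"; return 1
    fi
    # vsftpd.conf(5): when rsa_private_key_file is unset, the key is read from rsa_cert_file.
    [ -n "$key" ] || key=$cert
    if [ ! -r "$cert" ]; then
        echo "FAIL cannot read $cert"; return 1
    fi
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$cert"; then
        echo "OK certificate block in $cert"
    else
        echo "FAIL no certificate block in $cert"; rc=1
    fi
    if [ -r "$key" ] && grep -Eq -- '-----BEGIN (RSA |ENCRYPTED )?PRIVATE KEY-----' "$key"; then
        echo "OK private key block in $key"
    else
        echo "FAIL no private key block in $key"; rc=1
    fi
    return $rc
}

# Constructed sample: a config pointing at a PEM that holds only a certificate block.
make_constructed_sample() {
    local d; d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$d/vsftpd.pem"
    printf '%s\n' '# SSL settings' 'ssl_enable=YES' \
        "rsa_cert_file=$d/vsftpd.pem" > "$d/vsftpd.conf"
    echo "$d"
}
```

Run `check_vsftpd_tls /etc/vsftpd/vsftpd.conf` as root so the PEM is readable; the check looks only at PEM markers and does not verify that the key matches the certificate.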
