How to use FTPS or SSL with FTP on Linux

FTP uses port 21 for connections. If we want secure connections and transfers over FTP, we can use the configuration below.

In this post I am using:
1) VSFTPD (Very Secure FTP Daemon)
2) OpenSSL for the certificate

  • To install both packages, run the commands below:
yum install vsftpd
yum install openssl

  • Create the certificate and key using OpenSSL

openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
Generating a 1024 bit RSA private key
writing new private key to '/etc/vsftpd/vsftpd.pem'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Uttar Pradesh
Locality Name (eg, city) [Default City]:Noida
Organization Name (eg, company) [Default Company Ltd]:Fun Oracle Apps Ltd
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:FOA Server
Email Address []

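My key and certificate are in the same file, /etc/vsftpd/vsftpd.pem. You can use separate files with different names as well. Because this file contains the private key, keep it readable by root only. Note that rsa:1024 in the command above produces a 1024-bit key, which is weaker than the 2048-bit minimum in current recommendations; use rsa:2048 or larger on a real server.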

  • Configure VSFTPD
 Edit /etc/vsftpd/vsftpd.conf

Add the lines below to the file:

###FTP SSL parameters####
# Turn ON SSL
# Use encryption for data
# Use encryption for authentication

## Mention the Certificate and key file location####


###Enable TLS###


Other basic configurations, if not already present/required

To allow all the local users added to the system to use the FTP service, edit the following line:

To prevent anonymous logins, edit the following line:

To accept FTP write commands, edit the following line:


With this setting, only a local user can access the FTP server and issue write commands. However, if you want to keep users and their content separated from one another, you can set up a ‘chroot jail’ for the users, so that they are confined to their home directories and cannot access any files outside them.


To enable logging of the transfers carried out, edit the following lines:


  • Restart vsftpd
service vsftpd restart

  • Configure automatic start of vsftpd
chkconfig vsftpd on
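
To check the result of the configuration steps above before restarting, the following script audits a vsftpd.conf for the TLS and login settings this post describes. It is an added example, not part of the original post: the function names, the sample configs and the policy that every directive must be set explicitly in the file are assumptions of the example, while the directive names are standard vsftpd options.

```shell
#!/bin/sh
# Added example (not from the original post): audit a vsftpd.conf for FTPS settings.
# Policy assumed here: every directive must be set explicitly in the file, so an
# unset directive is reported even where the vsftpd default would be acceptable.

# Print the value of KEY in FILE. vsftpd takes KEY=VALUE with no spaces around
# "=", lines starting with "#" are comments, and a later line overrides an earlier one.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Print one FAIL line per wrong or missing directive; return the number of findings.
audit_vsftpd_conf() {
    conf=$1
    fails=0
    for want in ssl_enable=YES force_local_logins_ssl=YES force_local_data_ssl=YES \
                ssl_sslv2=NO ssl_sslv3=NO anonymous_enable=NO; do
        key=${want%%=*}
        val=$(conf_get "$conf" "$key")
        if [ "$val" != "${want#*=}" ]; then
            echo "FAIL $key=${val:-<unset>} (want ${want#*=})"
            fails=$((fails + 1))
        fi
    done
    for key in rsa_cert_file rsa_private_key_file; do
        if [ -z "$(conf_get "$conf" "$key")" ]; then
            echo "FAIL $key=<unset> (want a PEM path)"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample configs, written to a temp directory so the script runs offline.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '# TLS left commented out' '#ssl_enable=YES' 'anonymous_enable=YES' \
    'local_enable=YES' 'write_enable=YES' > "$tmp/weak.conf"
printf '%s\n' 'ssl_enable=YES' 'force_local_logins_ssl=YES' 'force_local_data_ssl=YES' \
    'ssl_sslv2=NO' 'ssl_sslv3=NO' 'ssl_tlsv1=YES' 'anonymous_enable=NO' \
    'rsa_cert_file=/etc/vsftpd/vsftpd.pem' 'rsa_private_key_file=/etc/vsftpd/vsftpd.pem' \
    > "$tmp/hardened.conf"

for f in weak hardened; do
    echo "== $f.conf"
    audit_vsftpd_conf "$tmp/$f.conf" && echo "OK" || echo "findings: $?"
done
```

On the real server, call audit_vsftpd_conf /etc/vsftpd/vsftpd.conf; a non-zero exit status means at least one setting needs attention.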