Configuring your FTP server to use TLS or SSL
Overview
This article has been mirrored from the Parallels Knowledge Base as a courtesy to our (dv) Dedicated-Virtual Server customers. As they are the authoritative source of the information covered in this article, we encourage you to check their original article. Keep in mind that this content is subject to change.
READ ME FIRST
The publishing of this information does not imply support of this article. This article is provided solely as a courtesy to our customers. Please take a moment to review the Statement of Support.
Solution
Plesk's ProFTPd server has a compiled-in mod_tls.c module for SSL support. SSL support can be configured in /etc/proftpd.conf, for example as follows:
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/tls.log
TLSProtocol SSLv23
# Are clients required to use FTP over TLS?
TLSRequired off
# Server's certificate
TLSRSACertificateFile /usr/local/psa/admin/conf/httpsd.pem
TLSRSACertificateKeyFile /usr/local/psa/admin/conf/httpsd.pem
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotiations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
TLSRenegotiate required off
</IfModule>
TLSRSACertificateFile and TLSRSACertificateKeyFile point to the server certificate and its private key. You can use the Plesk certificate, /usr/local/psa/admin/conf/httpsd.pem, or your own.
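With TLSRequired off and TLSProtocol SSLv23, the configuration above still accepts plain FTP logins and legacy protocol versions. The following check is an added example, not code from Parallels or the ProFTPD project; the function names audit and parse_mod_tls are hypothetical, and the sample is the article's block embedded inline with comments removed.

```python
import re

# Constructed sample: the mod_tls block from this article, comments removed.
SAMPLE_CONF = """\
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/tls.log
TLSProtocol SSLv23
TLSRequired off
TLSRSACertificateFile /usr/local/psa/admin/conf/httpsd.pem
TLSRSACertificateKeyFile /usr/local/psa/admin/conf/httpsd.pem
TLSVerifyClient off
TLSRenegotiate required off
</IfModule>
"""

def parse_mod_tls(text):
    """Return {directive_lowercase: [args]} from the <IfModule mod_tls.c> block."""
    m = re.search(r"<IfModule\s+mod_tls\.c>(.*?)</IfModule>", text, re.S | re.I)
    directives = {}
    for line in (m.group(1) if m else "").splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            name, *args = line.split()
            directives[name.lower()] = args
    return directives

def audit(text):
    """Return a list of finding strings; an empty list means nothing was flagged."""
    d = parse_mod_tls(text)
    findings = []
    if [a.lower() for a in d.get("tlsengine", [])] != ["on"]:
        findings.append("TLSEngine is not on: FTP over TLS is disabled")
    # mod_tls treats a missing TLSRequired as off.
    if [a.lower() for a in d.get("tlsrequired", ["off"])] == ["off"]:
        findings.append("TLSRequired off: clients may still log in over plain FTP")
    legacy = {"sslv23", "sslv3"} & {a.lower() for a in d.get("tlsprotocol", [])}
    if legacy:
        # Assumption: what SSLv23 enables depends on the ProFTPD/OpenSSL build.
        findings.append("TLSProtocol %s: may allow SSLv3, depending on the build"
                        % "/".join(sorted(legacy)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("WARN", finding)
```

Run it against the contents of /etc/proftpd.conf by passing the file's text to audit().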
Resources
- See http://proftpd.org/docs/directives/linked/config_ref_mod_tls.html for available FTP SSL service configuration directives.
- Examples and FAQs: http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html
- You can also just use SFTP, which is an extension of SSH and has nothing in common with the FTP protocol. See http://en.wikipedia.org/wiki/SSH_file_transfer_protocol for more information.