The article provides a step-by-step guide on setting up ProFTPD on Ubuntu Linux with SSL/TLS certificates for secure data transfer. The post covers how to install ProFTPD, generate a self-signed SSL/TLS certificate and configure ProFTPD to use the certificate. Finally, it explains how to transfer files securely via SSL/TLS, enhancing security amid potential data interception.
This article describes setting up ProFTPD on Ubuntu Linux with SSL/TLS certificates.
When transferring files to a remote server, File Transfer Protocol (FTP) is still one of the easiest ways to do it. However, it’s better to add some encryptions using SSL/TLS protocols when using FTP.
You may want SSL/TLS enabled on FTP because FTP communicates over an insecure channel, and someone with the right tool could intercept data between the server and the client reading it.
With SSL/TLS, even if the data is intercepted, they may still be unable to read the content, and that’s because of the extra security.
How to Install ProFTPD on Ubuntu Linux
First, you’ll want to install ProFTPD. To do that in Ubuntu Linux, run the commands below.
sudo apt update sudo apt-get install proftpd
It would be best to get a prompt during the installation with the message below: Select standalone.
ProFTPD can be run either as a service from inetd, or as a standalone server. Each choice has its own
benefits. With only a few FTP
connections per day, it is probably better to run ProFTPD from inetd in order to save resouces.
Run proftpd:
from inetd
standalone
After installing ProFTPD, the commands below can be used to stop, start and enable the server service to always start up when the server boots.
sudo systemctl stop proftpd.service sudo systemctl start proftpd.service sudo systemctl enable proftpd.service
How to create a self-signed SSL/TLS certificate
Now that ProFTPD is installed, run the commands below to generate a self-signed SSL/TLS certificate for the server.
The commands create a server key called proftpdserverkey. pem and store it in /etc/SSL/private and a certificate file called proftpdcertificate. pem in the /etc/SSL/certs.
sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/private/proftpdserverkey.pem -out /etc/ssl/certs/proftpdcertificate.pem -days 365
After running the commands above, you’ll be prompted to answer a few questions about the certificate you’re generating… answer them and complete the process.
Generating a 2048 bit RSA private key ...+++ .+++ writing new private key to '/etc/ssl/private/proftpdserverkey.pem' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:New York Locality Name (eg, city) []:Brooklyn Organization Name (eg, company) [Internet Widgits Pty Ltd]:Website for Students Organizational Unit Name (eg, section) []:SSL Unit Common Name (e.g. server FQDN or YOUR name) []:example.com Email Address []:webmaster@example.com
VSFTP server will use the key and certificate created above.
How to configure ProFTPD to use SSL/TLS certificate
Now that you’ve generated the server private key and certificate files, configure ProFTPD to use the SSL/TLS certificate created above. To do that, run the commands below to open the ProFTPD default this configuration file.
sudo nano /etc/proftpd/tls.conf
Then make the highlighted changes below so the server can communicate over SSL/TLS.
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
TLSRSACertificateFile /etc/ssl/certs/proftpdcertificate.pem
TLSRSACertificateKeyFile /etc/ssl/private/proftpdserverkey.pem
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSRequired on
TLSOptions NoCertRequest EnableDiags NoSessionReuseRequired
TLSVerifyClient off
Save your changes and restart the server.
Next, open the ProFTPD default configuration file and comment out this line to include the tools. Conf configurations.
sudo nano /etc/proftpd/proftpd.conf
Uncomment the line as shown below:
# This is used for FTPS connections
#
Include /etc/proftpd/tls.conf
Save the file exit
After adding the highlighted lines to the file, save it. Then run the commands below to restart the ProFTPD server.
sudo systemctl restart proftpd
Now grab your favorite FTP client (FileZilla), set up a new site management site, and use FTP protocol with encryption with explicit FTP over TLS. Finally, type your username and password and connect.

You should be prompted with a certificate. Accept the certificate and continue. You may check the box at the bottom of the page to trust the certificate so you don’t get prompted in the future.

It would be best if you now were transferring files securely via SSL/TLS.

Enjoy!
Conclusion:
This post showed you how to install ProFTPD on Ubuntu Linux with SSL/TLS. Please use the comment form below if you find any errors above or have something to add.
Hi, Thanks for the article!
In section STEP 3: CONFIGURING PROFTPD TO USE SSL/TLS it should be TLSRSACertificateFile /etc/ssl/certs/proftpdcertificate.pem instead of TLSRSACertificateFile /etc/ssl/private/proftpdcertificate.pem.
Also TLSProtocol SSLv23 instead of TLSProtocol TLSv23
/Frank
Thanks! Updated
Well written, perfectly understandable. Thanks!
Please correct:
VSFTP server will use the key and certificate created above…
into
proFTPD server will use the key and certificate created above…
(This was surely a copy-paste mistake ;))