How to install and configure secure vsftpd using SSL/TLS in Redhat 7

vsftpd is the Very Secure File Transfer Protocol Daemon. vsftpd can be launched in standalone mode, in which case vsftpd itself will listen on the network. This latter mode is easier to use, and recommended. It is activated by setting listen=YES in /etc/vsftpd/vsftpd.conf. Direct execution of the vsftpd binary will then launch the FTP service ready for immediate client connections.

Step 1: To Install vsftpd package run given the command.

[root@localhost ~]# yum install vsftpd -y

Step 2: After installed vsftpd package in Redhat server, need to open vsftpd config file by given command.

[root@localhost ~]# nano /etc/vsftpd/vsftpd.conf

To secure vsftpd need to disable anonymous user in vsftpd config file using the following command.


To lock FTP user with his home directory, Uncomment and add the following lines in vsftpd config file.


Step 4: Restart your vsftpd service for effect by using given the command.

[root@localhost ~]# systemctl start vsftpd && systemctl enable vsftpd && systemctl status vsftpd

Step 5: In case your SELinux is enforcing mode so run given the command to allow FTP user home directory access.

[root@localhost ~]# setsebool -P ftp_home_dir 1

Step 6: Need to add FTP service in your firewall by using given the command.

[root@localhost ~]# firewall-cmd –add-service=ftp –permanent && firewall-cmd –reload

After configuration of vsftpd on Redhat 7 Machine, Now need to create a directory to store SSL certificates.

[root@localhoroost ~]# mkdir -p /etc/crt/ssl

Step 7: create the certificate and key files  using the following command.

openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/crt/ssl/vsftpd.pem -out /etc/crt/ssl/vsftpd.pem

Now need to fill the required fields like Country Name, State etc.

Generating a 1024 bit RSA private key
writing new private key to ‘/etc/crt/ssl/vsftpd.pem’
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Delhi
Locality Name (eg, city) [Default City]:New Delhi
Organization Name (eg, company) [Default Company Ltd]:TechBeginner
Organizational Unit Name (eg, section) []:TechBeginner
Common Name (eg, your name or your server’s hostname) []
Email Address []

Step 8: Edit vsftpd configuration file /etc/vsftpd/vsftpd.conf.

[root@localhoroost ~]# nano /etc/vsftpd/vsftpd.conf

Add the following lines at the Top:




Save and Exit the file.

Step 9: Need to restart the vsftpd service.

[root@localhoroost ~]# systemctl restart vsftpd

Now test the vsftpd service any FTP client.

How to install and configure secure vsftpd using SSL/TLS in Redhat 7

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top