FTP daemon config with SSL in debian
cat /etc/apache2/ssl/server.crt /etc/apache2/ssl/server.pem > /etc/vsftpd/server.pem
if you have an intermediate, chained cert, include that as well:
cat /etc/apache2/ssl/server_inter.crt >> /etc/vsftpd/server.pem
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
excerpt from /etc/vsftpd.conf
ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=NO force_local_logins_ssl=NO ssl_tlsv1=YES ssl_sslv2=YES ssl_sslv3=YES rsa_cert_file=/etc/vsftpd/server.pem require_ssl_reuse=NO pasv_enable=YES pasv_min_port=55000 pasv_max_port=60000 ftp_data_port=20 listen_port=21
offical cert:
lftp -u username -e 'set ftp:ssl-force true' example.com
selfsigned cert:
lftp -u username -e 'set ftp:ssl-force true' -e 'set ssl:verify-certificate false' example.com
openssl s_client -connect example.com:ftp -starttls ftp -showcerts