vsftpd issue can't load RSA Certificate

Question

This is my configuration for vsftpd:

anonymous_enable=NO
local_enable=YES
userlist_deny=NO
userlist_enable=YES
userlist_file=/etc/vsftpd/user_list
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
xferlog_std_format=YES
chroot_local_user=YES
listen=YES
pam_service_name=vsftpd
tcp_wrappers=YES
script to init pem:
sudo mkdir -p /etc/ssl/private
sudo openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_ciphers=HIGH
pasv_address=XXXXXXXXXXXXX 
#pasv_addr_resolve=NO
pasv_enable=YES
pasv_min_port=49152
pasv_max_port=49200
port_enable=YES
allow_writeable_chroot=YES

I generated the RSA certificate with the command sudo openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

Answer 1

You need to generate two different files: a key file and a certificate file.

You sent them to the same /etc/ssl/private/vsftpd.pem

sudo openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/ssl/private/vsftpd.key -out /etc/ssl/private/vsftpd.pem

Also update vsftpd config:

rsa_private_key_file=/etc/ssl/private/vsftpd.key