From: Mel Flynn
To: freebsd-questions@freebsd.org
Cc: Stefan Miklosovic
Date: Mon, 10 Aug 2009 12:14:32 -0800
Subject: Re: vsftpd with ssl

On Monday 10 August 2009 10:59:34 Stefan Miklosovic wrote:
> Hi there,
>
> I am installing vsftpd server with ssl.
> It seems it works good, BUT
>
> *~:*ftp-tls notebook
> Trying 127.0.0.1...
> Connected to localhost.
> 220 Welcome to miniBSD service.
> 234 Proceed with negotiation.
> [Starting SSL/TLS negotiation...]
> WARNING: Server's certificate issuer's certificate isn't available locally.

This is an ftp-tls error, not vsftpd.
It took some searching through OpenSSL sources, cause half of the manpages
aren't available, but the certificate should be in /etc/ssl on the connecting
machine. The error above is the same as described in the verify(1) manpage for
OpenSSL:

    2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate
        the issuer certificate could not be found: this occurs if the issuer
        certificate of an untrusted certificate cannot be found.

The verify(1) manpage also describes how to store your trusted certificates in
there, though it doesn't contain too much info. Perhaps this guide will help
you:
http://gagravarr.org/writing/openssl-certs/others.shtml#ca-openssl

-- 
Mel
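
The trusted-certificate storage that verify(1) describes, as an added example that is not part of the original message: OpenSSL finds an issuer in a certificate directory only when the CA file is named by its subject hash (`<hash>.0`). The CA, the host name and the temporary directory are constructed for the demo (nothing is written to /etc/ssl), and it assumes an `openssl` command with its default configuration.

```shell
#!/bin/sh
# Added example. All names and files are constructed; nothing here touches /etc/ssl.
demo_verify() {
    d=$(mktemp -d) || return 1

    # Throwaway CA and a server certificate signed by it.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=notebook.example" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/srv.pem" 2>/dev/null || return 1

    # Stand-in for the client's certificate directory, still empty:
    # the issuer cannot be found, so verification fails.
    mkdir "$d/certs"
    if openssl verify -CApath "$d/certs" "$d/srv.pem" >/dev/null 2>&1
    then before=ok; else before=fail; fi

    # Directory lookups go by subject-name hash, so the CA certificate
    # has to be reachable as <hash>.0 (a copy or a symlink both work).
    h=$(openssl x509 -noout -hash -in "$d/ca.pem") || return 1
    cp "$d/ca.pem" "$d/certs/$h.0"
    if openssl verify -CApath "$d/certs" "$d/srv.pem" >/dev/null 2>&1
    then after=ok; else after=fail; fi

    rm -rf "$d"
    echo "$before $after"
}

# Prints the verification result before and after installing the CA.
demo_verify
```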