diff --git a/meta-digi-dey/recipes-connectivity/vsftpd/vsftpd/0001-builddefs-add-support-to-OpenSSL.patch b/meta-digi-dey/recipes-connectivity/vsftpd/vsftpd/0001-builddefs-add-support-to-OpenSSL.patch
new file mode 100644
index 000000000..7faec7c6f
--- /dev/null
+++ b/meta-digi-dey/recipes-connectivity/vsftpd/vsftpd/0001-builddefs-add-support-to-OpenSSL.patch
@@ -0,0 +1,23 @@
+From: Arturo Buzarra
+Date: Wed, 4 Jun 2025 09:15:27 +0200
+Subject: [PATCH] builddefs: add support to OpenSSL
+
+Signed-off-by: Arturo Buzarra
+---
+ builddefs.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/builddefs.h b/builddefs.h
+index 0106d1a..83de674 100644
+--- a/builddefs.h
++++ b/builddefs.h
+@@ -1,9 +1,9 @@
+ #ifndef VSF_BUILDDEFS_H
+ #define VSF_BUILDDEFS_H
+
+ #define VSF_BUILD_TCPWRAPPERS
+ #define VSF_BUILD_PAM
+-#undef VSF_BUILD_SSL
++#define VSF_BUILD_SSL
+
+ #endif /* VSF_BUILDDEFS_H */
diff --git a/meta-digi-dey/recipes-connectivity/vsftpd/vsftpd/vsftpd-cert b/meta-digi-dey/recipes-connectivity/vsftpd/vsftpd/vsftpd-cert
new file mode 100644
index 000000000..e7a2ab9cf
--- /dev/null
+++ b/meta-digi-dey/recipes-connectivity/vsftpd/vsftpd/vsftpd-cert
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+# Generate self-signed certificate and key if they don't already exist
+if [ ! -f "/etc/##VSFTPD_PEM##" ] || [ ! -f "/etc/##VSFTPD_KEY##" ]; then
+ openssl req ##VSFTPD_KEY_SIGN_PKCS## ##VSFTPD_KEY_REQ_ARGS## \
+ -out /etc/##VSFTPD_PEM## \
+ -keyout /etc/##VSFTPD_KEY##
+ chmod 400 /etc/##VSFTPD_KEY##
+ echo "SSL/TLS certificate generated"
+else
+ echo "SSL/TLS certificate already exists"
+fi
diff --git a/meta-digi-dey/recipes-connectivity/vsftpd/vsftpd/vsftpd-cert.service b/meta-digi-dey/recipes-connectivity/vsftpd/vsftpd/vsftpd-cert.service
new file mode 100644
index 000000000..e44c52908
--- /dev/null
+++ b/meta-digi-dey/recipes-connectivity/vsftpd/vsftpd/vsftpd-cert.service
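Review bot: The new 0001-builddefs-add-support-to-OpenSSL.patch has no `Upstream-Status:` tag in its header, between `Subject:` and `Signed-off-by:`. OpenEmbedded's patch QA expects one on every patch a recipe applies. This change flips a build-time switch in `builddefs.h` rather than fixing upstream code, so `Upstream-Status: Inappropriate [configuration]` fits. The patch description is also empty; one sentence on why `VSF_BUILD_SSL` is defined here, and that the bbappend applies the patch only under the `openssl` PACKAGECONFIG, would help the next maintainer.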
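Review bot: In vsftpd-cert the exit status of `openssl req` is never checked, so a failed run still reaches `chmod`, prints "SSL/TLS certificate generated" and exits 0 with no usable key pair. The key file is also created before `chmod 400` runs, so its initial mode depends on the umask and on the OpenSSL version in the image. I would put `umask 077` ahead of the call and wrap it as `if ! openssl req ... ; then echo "SSL/TLS certificate generation failed" >&2; exit 1; fi`, so the unit or init script reports the failure instead of letting vsftpd start without a key.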
@@ -0,0 +1,11 @@
+[Unit]
+Description=Vsftpd ftp daemon certificate generation
+Before=vsftpd.service
+ConditionPathExists=!/etc/##VSFTPD_PEM##
+
+[Service]
+Type=oneshot
+ExecStart=/etc/vsftpd-cert
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta-digi-dey/recipes-connectivity/vsftpd/vsftpd/vsftpd.conf b/meta-digi-dey/recipes-connectivity/vsftpd/vsftpd/vsftpd.conf
index ac1ed380b..b322459e6 100644
--- a/meta-digi-dey/recipes-connectivity/vsftpd/vsftpd/vsftpd.conf
+++ b/meta-digi-dey/recipes-connectivity/vsftpd/vsftpd/vsftpd.conf
@@ -18,3 +18,12 @@ connect_from_port_20=YES
 file_open_mode=0777
 local_umask=022
 anon_umask=022
+
+# These options specifies the location of the RSA certificate to use for SSL
+# encrypted connections.
+ssl_enable=YES
+rsa_cert_file=/etc/##VSFTPD_PEM##
+rsa_private_key_file=/etc/##VSFTPD_KEY##
+# SSL session reuse is enabled by default to enhance security.
+# Set to NO if clients have issues with data connections.
+#require_ssl_reuse=NO
diff --git a/meta-digi-dey/recipes-connectivity/vsftpd/vsftpd_%.bbappend b/meta-digi-dey/recipes-connectivity/vsftpd/vsftpd_%.bbappend
index dba7c4e2f..b14c7b09d 100644
--- a/meta-digi-dey/recipes-connectivity/vsftpd/vsftpd_%.bbappend
+++ b/meta-digi-dey/recipes-connectivity/vsftpd/vsftpd_%.bbappend
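Review bot: `ConditionPathExists=!/etc/##VSFTPD_PEM##` in vsftpd-cert.service tests only the certificate, while the script it starts regenerates when either the certificate or the key is missing. If the key is lost but the certificate remains, systemd skips this unit and vsftpd.service starts with `rsa_private_key_file` pointing at a missing file. /etc/vsftpd-cert already checks both paths and does nothing when they exist, so dropping the condition line is the simplest fix. The alternative is a second condition for `##VSFTPD_KEY##`, with the `|` triggering prefix on both lines, plus substituting that placeholder in the unit file from do_install, which currently replaces only `##VSFTPD_PEM##` there.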
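Review bot: `ssl_enable=YES` and the two `/etc/##...##` paths are added to vsftpd.conf unconditionally, but the bbappend substitutes the placeholders and applies the SSL build patch only when PACKAGECONFIG contains `openssl`. A build with that option removed would ship literal `##VSFTPD_PEM##` paths and SSL enabled for a daemon compiled without it; I would expect the daemon to reject that configuration, though that is not visible here. Either strip these lines in the non-openssl case of do_install, or make the feature mandatory and drop the conditionals. Protocol versions and `ssl_ciphers` are left at the daemon's defaults, which depend on the vsftpd version; setting them explicitly (for example `ssl_ciphers=HIGH`) would make the image's TLS posture reviewable from this file.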
@@ -1,7 +1,28 @@
-# Copyright (C) 2013-2019, Digi International Inc.
+# Copyright (C) 2013-2025, Digi International Inc.
 FILESEXTRAPATHS:prepend := "${THISDIR}/${BPN}:"
+SRC_URI:append = " \
+ ${@bb.utils.contains('PACKAGECONFIG', 'openssl', 'file://0001-builddefs-add-support-to-OpenSSL.patch', '', d)} \
+ ${@bb.utils.contains('PACKAGECONFIG', 'openssl', 'file://vsftpd-cert', '', d)} \
+ ${@bb.utils.contains('PACKAGECONFIG', 'openssl', 'file://vsftpd-cert.service', '', d)} \
+"
+
+RDEPENDS:${PN}:append = "${@bb.utils.contains('PACKAGECONFIG', 'openssl', ' ${PN}-cert', '', d)}"
+
+PACKAGECONFIG:append = " openssl "
+PACKAGECONFIG[openssl] = ",,openssl"
+
+LDFLAGS += "${@bb.utils.contains('PACKAGECONFIG', 'openssl', '-lssl -lcrypto', '', d)}"
+
+VSFTPD_PEM ?= "vsftpd.pem"
+VSFTPD_KEY ?= "vsftpd.key"
+# args to openssl req (Default is -batch for non interactive mode and
+# -newkey for new certificate)
+VSFTPD_KEY_REQ_ARGS ?= "-nodes -batch -newkey rsa:2048"
+# Standard format for public key certificate
+VSFTPD_KEY_SIGN_PKCS ?= "-x509"
+
 do_install:append() {
 if ! test -z "${PAMLIB}" ; then
 # Access through Pluggable Authentication Modules (PAM)
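Review bot: The default `VSFTPD_KEY_REQ_ARGS ?= "-nodes -batch -newkey rsa:2048"` passes no `-days`, so `openssl req -x509` uses its built-in validity period, which is 30 days unless the image's OpenSSL configuration says otherwise. vsftpd-cert and its unit only test whether the files exist, so an expired certificate is never replaced, and clients that check validity dates would start failing about a month after first boot. I would add an explicit `-days <N>` to the default, with N set by product policy, and extend the comment above the variable to mention it. Separately, `PACKAGECONFIG:append = " openssl "` can only be undone with a `:remove` override, which is worth a one-line comment given that every other use in this file is written as if the option were optional.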
@@ -12,4 +33,51 @@ do_install:append() {
 echo "d /run/vsftpd/empty 0755 root root -" \
 > ${D}${sysconfdir}/tmpfiles.d/${BPN}.conf
 fi
+ if ${@bb.utils.contains('PACKAGECONFIG', 'openssl', 'true', 'false', d)}; then
+ VSFTPD_PEM_BASE_NAME=$(basename ${VSFTPD_PEM})
+ VSFTPD_KEY_BASE_NAME=$(basename ${VSFTPD_KEY})
+ # Install user certificate if provided
+ if [ -f "${VSFTPD_PEM}" ] && [ -f "${VSFTPD_KEY}" ]; then
+ install -m 0644 ${VSFTPD_PEM} ${D}${sysconfdir}/${VSFTPD_PEM_BASE_NAME}
+ install -m 0400 ${VSFTPD_KEY} ${D}${sysconfdir}/${VSFTPD_KEY_BASE_NAME}
+ fi
+
+ # Install systemd service
+ if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+ # Install systemd unit files
+ install -d ${D}${systemd_unitdir}/system
+ install -m 0644 ${WORKDIR}/vsftpd-cert.service ${D}${systemd_unitdir}/system/
+ sed -i -e "s@##VSFTPD_PEM##@${VSFTPD_PEM_BASE_NAME}@g" \
+ "${D}${systemd_unitdir}/system/vsftpd-cert.service"
+ fi
+
+ # Install init script to generate certificate on target
+ install -d ${D}${sysconfdir}/init.d
+ install -m 0755 ${WORKDIR}/vsftpd-cert ${D}${sysconfdir}/vsftpd-cert
+ sed -i -e "s@##VSFTPD_PEM##@${VSFTPD_PEM_BASE_NAME}@g" \
+ -e "s@##VSFTPD_KEY##@${VSFTPD_KEY_BASE_NAME}@g" \
+ -e "s@##VSFTPD_KEY_SIGN_PKCS##@${VSFTPD_KEY_SIGN_PKCS}@g" \
+ -e "s@##VSFTPD_KEY_REQ_ARGS##@${VSFTPD_KEY_REQ_ARGS}@g" \
+ "${D}${sysconfdir}/vsftpd-cert"
+ ln -sf ${sysconfdir}/vsftpd-cert ${D}${sysconfdir}/init.d/vsftpd-cert
+
+ # Customize vsftpd.conf
+ sed -i -e "s@##VSFTPD_PEM##@${VSFTPD_PEM_BASE_NAME}@g" \
+ -e "s@##VSFTPD_KEY##@${VSFTPD_KEY_BASE_NAME}@g" \
+ "${D}${sysconfdir}/vsftpd.conf"
+ fi
 }
+
+PACKAGES =+ "${PN}-cert"
+FILES:${PN}-cert = " \
+ ${sysconfdir}/vsftpd-cert \
+ ${sysconfdir}/init.d/vsftpd-cert \
+ ${systemd_unitdir}/system/vsftpd-cert.service \
+"
+
+INITSCRIPT_PACKAGES += "${@bb.utils.contains('PACKAGECONFIG', 'openssl', '${PN}-cert', '', d)}"
+INITSCRIPT_NAME:${PN}-cert = "vsftpd-cert"
+INITSCRIPT_PARAMS:${PN}-cert = "start 99 3 5 . stop 20 0 1 2 6 ."
+
+SYSTEMD_PACKAGES += "${@bb.utils.contains('PACKAGECONFIG', 'openssl', '${PN}-cert', '', d)}"
+SYSTEMD_SERVICE:${PN}-cert = "vsftpd-cert.service"
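Review bot: The "Install user certificate if provided" branch copies `${VSFTPD_KEY}` into `${D}${sysconfdir}` at build time, so every device flashed from the image shares one private key, and the key also ends up in the package and rootfs artifacts. That may be intended for a provisioned certificate, but it deserves a comment in the recipe, e.g. `# NOTE: a key supplied here is identical on every unit and is stored in build outputs; leave unset to generate a per-device key on first boot`. The branch is skipped silently when only one of the two files exists; a `bbwarn` for that case would surface a mistyped path instead of falling back to on-target generation. `VSFTPD_KEY_REQ_ARGS` is spliced into the script through `sed` with `@` as the delimiter, so a value containing `@` or `&` (an e-mail address in a `-subj`, for instance) would corrupt the substitution. do_install:append() starts above this hunk.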