mkdir -p /etc/vsftpd/
openssl req -new -x509 -nodes -out /etc/vsftpd/vsftpd.pem -keyout /etc/vsftpd/vsftpd.pem
When generating the SSL key, you will be prompted to fill in a variety of fields such as "Country Name" and "Orginization Name". It is important to fill these in, even if you use fake values. In particular, I would get an error when using curl's -k option because I left "Common Name" field blank.
Add these lines to the bottom of the file.
ssl_enable=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem
# Send files in the clear but encrypt the control connection
force_local_data_ssl=NO
curl -k --ssl ftp://host-name/ --user ftpuser:ftppassword
The trailing slash in the URL tells curl to list the directory contents on the remote FTPS server. The -k options skips SSL certification verification for now because I am using a self-signed certificate for testing purposes. The --ssl option tells curl to use FTPS (notice that I still use ftp: in the URL).
curl -k --ssl ftp://host-name/dir/remote-file.tgz --user ftpuser:ftppassword > local-file.tgz
curl -k --ssl -T local-file.tgz --ftp-create-dirs ftp://host-name/some/remote/path/remote-file.tgz --user ftpuser:ftppassword
The -T options specifies the local file to upload, and --ftp-create-dirs tells curl to create the required directories if they don't exist.