WU-FTPD 2.6.1 Release Notes (5900-2465, September 2012)

a. X.509 RSA Certificate Authority (CA).
b. X.509 RSA server certificate signed by the CA certificate (certificate file).
c. X.509 RSA private key associated with the RSA server certificate (key file).
2. Copy the CA file, certificate file, and key file to the /etc/ftpd/security directory in the
server, for example, /etc/ftpd/security/ca.pem,
/etc/ftpd/security/ftpd-rsa-cert.pem, and /etc/ftpd/security/ftpd-rsa-key.pem, respectively.
3. Configure the FTP server using either of the following methods:
Using Command-Line Options
Include the command-line options in the FTP service entry in the /etc/inetd.conf file
as follows:
ftp stream tcp6 nowait root /usr/lbin/ftpd ftpd -l -L -a -z usetls -z tlsdata -z cert=/etc/ftpd/security/ftpd-rsa-cert.pem -z key=/etc/ftpd/security/ftpd-rsa-key.pem -z CAfile=/etc/ftpd/security/ftpd-rsa-ca.pem
Using the Configuration File
Specify the TLS configuration file in the FTP service entry in the /etc/inetd.conf file.
Following is the FTP service entry in the /etc/inetd.conf file:
ftp stream tcp6 nowait root /usr/lbin/ftpd ftpd -l -L -a -z usetls -z config=/etc/ftpd/security/tls.conf
Following are the contents of the /etc/ftpd/security/tls.conf TLS configuration
file:
usetls
tlsdata
cert=/etc/ftpd/security/ftpd-rsa-cert.pem
key=/etc/ftpd/security/ftpd-rsa-key.pem
CAfile=/etc/ftpd/security/ftpd-rsa-ca.pem
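
The following pre-flight check is an added example, not part of the release notes or of WU-FTPD: it reads a TLS configuration file in the format shown above, confirms that every file it names exists at exactly that path (the copy step above uses ca.pem as its example CA file name while the configuration references ftpd-rsa-ca.pem), and flags a private key that group or others can access. The function names check_tls_conf and cert_matches_key are hypothetical, and the check assumes one directive per line with all three file directives set, as in the example configuration.

```shell
#!/bin/sh
# Added example: pre-flight check for an ftpd TLS configuration file.
# Assumes one directive per line, as in the tls.conf shown above.

# Print one finding per line; return 0 only when there are none.
check_tls_conf() {
    _conf=$1 _rc=0 _usetls=no _cert= _key= _ca=
    while IFS= read -r _line || [ -n "$_line" ]; do
        case $_line in
            usetls)   _usetls=yes ;;
            cert=*)   _cert=${_line#cert=} ;;
            key=*)    _key=${_line#key=} ;;
            CAfile=*) _ca=${_line#CAfile=} ;;
        esac
    done < "$_conf"
    [ "$_usetls" = yes ] || { echo "usetls directive missing"; _rc=1; }
    # Every file the configuration names must exist at exactly that path.
    for _pair in "cert:$_cert" "key:$_key" "CAfile:$_ca"; do
        _name=${_pair%%:*} _path=${_pair#*:}
        if [ -z "$_path" ]; then
            echo "$_name not set"; _rc=1
        elif [ ! -f "$_path" ]; then
            echo "$_name file not found: $_path"; _rc=1
        fi
    done
    # The private key must not be accessible to group or others.
    # The mode is read from ls -l because stat(1) options are not portable.
    if [ -f "$_key" ]; then
        _mode=$(ls -ld "$_key" | cut -c5-10)
        [ "$_mode" = "------" ] || { echo "key file mode too open: $_key"; _rc=1; }
    fi
    return $_rc
}

# Succeed only when the RSA private key belongs to the certificate
# (identical modulus). Needs the openssl command on PATH.
cert_matches_key() {   # usage: cert_matches_key CERT KEY
    _cm=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    _km=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$_cm" ] && [ "$_cm" = "$_km" ]
}
```

Run check_tls_conf against the configuration file, and cert_matches_key against the certificate and key files, before enabling the FTP service entry in /etc/inetd.conf.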
To configure secured file transfer in an FTP client system, complete the following steps:
1. Generate the following certificates and key using HP-UX OpenSSL with the procedure discussed
in “Generating certificates and keys using OpenSSL 0.9.7m” (page 7):
a. X.509 RSA Certificate Authority (CA).
b. X.509 RSA server certificate signed by the CA certificate (certificate file).
c. X.509 RSA private key associated with the RSA server certificate (key file).
2. Copy the certificate file and key file to the home directory of the user in the client system, for
example, /home/user1/certificate.pem and /home/user1/private-key.pem,
respectively.
3. Copy the CA file to a global location in the client system.
NOTE: This step is optional and required only if you are using client certificates for
authentication.
4. Start the FTP client using one of the following methods:
Using Environment Variables
To start the FTP client using environment variables, export them with the following
commands:
export FTP_USESSL=1
export FTP_SSL_CA_FILE=/etc/ftpd/security/ca.pem