WU-FTPD 2.6.1 Release Notes (5900-2465, September 2012)

Organizational unit (OU), such as a department within an organization
City or location (L) where an organization is located
State or province (SP) where the city is located
Country (C) in the International Organization for Standardization (ISO) format (such as U.S.)
The DN is a combination of these certificate fields. The PEM-encoded certificate contains the DN
along with the DN of the issuer, the validity period of the certificate, administrative
information such as the serial number of the certificate, and any other required information,
such as Netscape-specific tags. These certificates are used to establish the identity and
trustworthiness of the presenter, such as a server or a client. They are also used to
authenticate the connecting party and to take appropriate action, such as allowing a connection
to proceed, mail relaying, or entry into a network. You can either use commercial TLS/SSL
certificates (certs) to verify the identity of the WU-FTPD 2.6.1 server, or create your own
certificates for the WU-FTPD 2.6.1 servers.
Generating certificates and keys using OpenSSL 0.9.7m
The FTP client in an HP-UX operating system (HP-UX FTP) is compatible only with standard X.509
certificates in PEM format. HP-UX FTP supports certificates of the following encryption types:
Rivest Shamir Adleman (RSA) encryption
Digital Signature Algorithm (DSA) encryption
You can use either encryption type to generate certificates to use with HP-UX FTP to secure the
file transfer. For information on creating RSA and DSA certificates, see “Creating DSA certificates
and keys” (page 9).
The OpenSSL script, /opt/openssl/misc/CA.pl, can be used to generate certificates and
keys. By default, the certificate files are created in an encrypted format using the Data Encryption
Standard (DES) encryption. You must log in as a superuser and modify the CA.pl script to prevent
the created certificate files from being DES encrypted.
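Once key files are written without encryption, file permissions are their only protection, so it helps to confirm which PEM files hold passphrase-free keys and who can read them. The following shell functions are an added example, not part of these release notes or of OpenSSL; the function names, the constructed sample files and the owner-only permission rule are assumptions of the example. It goes slightly beyond the traditional OpenSSL key format by also recognising the PKCS#8 "ENCRYPTED PRIVATE KEY" label.

```shell
# Added example (not from the release notes): report whether PEM private keys
# are passphrase-encrypted, and whether unencrypted ones are owner-only.

# Print "encrypted", "unencrypted" or "no-key" for the PEM file in $1.
pem_key_state() {
    if grep -q -e '^Proc-Type: 4,ENCRYPTED' \
               -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted      # traditional OpenSSL header, or PKCS#8 label
    elif grep -q -e '^-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo unencrypted
    else
        echo no-key         # e.g. a file holding only a certificate
    fi
}

# Succeed when group and others have no access to $1 (ls -l mode columns 5-10).
key_perms_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print a one-line finding for $1; return 1 for an exposed unencrypted key.
audit_key() {
    state=$(pem_key_state "$1")
    if [ "$state" = unencrypted ] && ! key_perms_ok "$1"; then
        echo "$1: unencrypted, readable beyond owner"
        return 1
    fi
    echo "$1: $state"
}

# Constructed sample files: PEM framing only, the bodies are not real keys.
make_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0123456789ABCDEF' '' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$1/enc.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$1/plain.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$1/cert.pem"
    chmod 644 "$1/plain.pem"    # deliberately too open, for the demonstration
}

dir=${TMPDIR:-/tmp}/pemaudit.$$ && mkdir -m 700 "$dir"
make_samples "$dir"
for f in enc.pem plain.pem cert.pem; do audit_key "$dir/$f" || true; done
chmod 600 "$dir/plain.pem"      # the fix: owner-only access
audit_key "$dir/plain.pem" || true
rm -rf "$dir"
```

The check reads only the PEM framing lines, so it works on a host without the openssl binary.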
NOTE: Third party CAs, certificates, and keys in the PEM format can also be used in the FTP
client and server.
For example, if you already have the third party X.509 CA certificate in PEM format and you want
to use this certificate for the FTP server, specify the path of the certificate in the FTP server
configuration file, that is, CAfile=/etc/opt/certs/CA.pem. Similarly, you can also use third
party certificates and keys by specifying their appropriate locations in the configuration file or
on the command line.
Creating RSA certificates and keys
Follow this procedure to generate certificates and keys:
1. Change the directory to /opt/openssl/misc:
cd /opt/openssl/misc
2. Copy the CA.pl script to the CA.pl.ORIGINAL script:
cp CA.pl CA.pl.ORIGINAL
3. Replace the entries marked with numbers in the following CA.pl script:
    exit 0;
} elsif (/^-newcert$/) {
    # create a certificate
    system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");   # (1)
    $RET=$?;