Manualshelf

WU-FTPD 2.6.1 release notes (July 2010)

ManualsBrandsHP ManualsSoftwareHP-UX 11i v2 Networking Software
11121314151617181920
mail relaying, or entry into a network. You can either use the commercial TLS/SSL
certificates (certs) to verify the identity of the WU-FTPD 2.6.1 server, or create your
own certificates for the WU-FTPD 2.6.1 servers.
Generating Certificates and Keys Using OpenSSL 0.9.7m
The FTP client in an HP-UX operating system (HP-UX FTP) is compatible only with
standard X.509 certificates in PEM format. HP-UX FTP supports certificates of the
following encryption types:
Rivest Shamir Adleman (RSA) encryption
Digital Signature Algorithm (DSA) encryption
You can use any encryption to generate certificates to use with HP-UX FTP to secure
the file transfer. For information on creating RSA and DSA certificates, see “Creating
DSA Certificates and Keys” (page 17).
The OpenSSL script, /opt/openssl/misc/CA.pl, can be used to generate certificates
and keys. By default, the certificate files are created in an encrypted format using the
Data Encryption Standard (DES) encryption. You must log in as a superuser and modify
the CA.pl script to prevent the created certificate files from being DES encrypted.
NOTE: Third party CAs, certificates, and keys in the PEM format can also be used in
the FTP client and server.
For example, if you already have the third party X.509 CA certificate in PEM format
and you want to use this certificate for the FTP server, specify the path of the certificate
in the FTP server configuration file, that is, CAfile=/etc/opt/certs/CA.pem.
Similarly, you can also use third party certificates and key by specifying their
appropriate locations in the configuration file or on the command line.
Creating RSA Certificates and Keys
Follow this procedure to generate certificates and keys:
1. Change the directory to /opt/openssl/misc:
cd /opt/openssl/misc
2. Copy the CA.pl script to the CA.pl.ORIGINAL script:
cp CA.pl CA.pl.ORIGINAL
3. Replace the entries marked with numbers in the following CA.pl script:
exit 0;
} elsif (/^-newcert$/) {
# create a certificate
system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS"
);
1
$RET=$?;
14 WU-FTPD 2.6.1 Release Notes