WU-FTPD 2.6.1 Release Notes for HP-UX 11i v1, HP-UX 11i v2 and HP-UX 11i v3

rsacert=/var/opt/ftp/CA-Certs/client-cert.pem -z\

rsakey=/var/opt/ftp/CA-Certs/client-key.pem server_name

Basic Configuration for Secured File Transfer

This section discusses the basic configuration required for secured file transfer in an

FTP server and client.

To configure secured file transfer in an FTP server, complete the following steps:

1. Generate the following certificates and key using HP-UX OpenSSL with the

procedure discussed in “Generating Certificates and Keys Using OpenSSL 0.9.7m”

(page 14):

a. X.509 RSA Certificate Authority (CA).

b. X.509 RSA server certificate signed by the CA certificate (certificate file).

c. X.509 RSA private key associated with the RSA server certificate (key file).

2. Copy the CA file, certificate file, and key file to the /etc/ftpd/security

directory in the server, for example, /etc/ftpd/security/ca.pem, /etc/

ftpd/security/ftpd-rsa-cert.pem, and /etc/ftpd/security/

ftpd-rsa-key.pem, respectively.

3. Configure the FTP server using either of the following methods:

• Using Command-Line Options

Include the command-line options in the FTP service entry in the /etc/

inetd.conf file as follows:

ftp stream tcp6 nowait root /usr/lbin/ftpd ftpd -l -L -a

-z usetls -z tlsdata -z

cert=/etc/ftpd/security/ftpd-rsa-cert.pem -z

key=/etc/ftpd/security/ftpd-rsa-key.pem -z

CAfile=/etc/ftpd/security/ftpd-rsa-ca.pem

• Using the Configuration File

Specify the TLS configuration file in the FTP service entry in the /etc/

inetd.conf file.

Following is the FTP service entry in the /etc/inetd.conf file:

ftp stream tcp6 nowait root /usr/lbin/ftpd ftpd -l -L -a

-z usetls -z config=/etc/ftpd/security/tls.conf

Following are the contents of the /etc/ftpd/security/tls.conf TLS

configuration file:

usetls

tlsdata

cert=/etc/ftpd/security/ftpd-rsa-cert.pem

key=/etc/ftpd/security/ftpd-rsa-key.pem

CAfile=/etc/ftpd/security/ftpd-rsa-ca.pem

22 WU-FTPD 2.6.1 Release Notes