Question & Answer
ftpd on AIX® to use TLS with a self-signed certificate?
ftpd to use it. These steps assume that the certificate directory is
/.tls, and that all the commands are run by the root user.
mkdir /.tls
chmod 755 /.tls
openssl command to create self-signed certificates with the default
cd /.tls
mkdir private newcerts
chmod 700 private
echo 01 > serial
> index.txt
ln -s . demoCA
openssl req -batch -nodes -new -sha256 -newkey rsa:2048 -keyout private/server_key.pem -subj '/C=US/ST=Texas/L=Austin/O=IBM DSO/OU=IBM DSO server/CN=IBM DSO server certificate/' -out server_certreq.pem
yes | openssl ca -policy policy_anything -days 7300 -in server_certreq.pem -out server_cert.pem -selfsign -keyfile private/server_key.pem -notext
chmod 600 private/*
ftpd to use the self-signed certificate and its private key by setting these options in
CERTIFICATE /.tls/server_cert.pem
CERTIFICATE_PRIVATE_KEY /.tls/private/server_key.pem
ftpd by disabling support for DES and anonymous cipher algorithms by setting this option in
/etc/ftpd.cnf. For more information on the syntax of the CIPHER_LIST option, see https://www.openssl.org/docs/man1.0.2/man1/openssl-req.html.
ftpd by disabling support for all versions of TLS except TLS 1.2 by setting these options in
SSLv3 NO
TLSv1 NO
TLSv1.1 NO
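An added check, not part of the original technote: a shell function that audits an ftpd.cnf-style file for the options this procedure sets. It assumes one whitespace-separated OPTION value pair per line, as shown above; the function names, the last-occurrence-wins rule, and the sample configuration are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit an ftpd.cnf-style file against the settings in this technote.
# Assumes one "OPTION value" pair per line, as the technote shows them.

# Print the value of option $2 in file $1 (last occurrence wins: an assumption).
cnf_get() {
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# Return 0 if file $1 passes every check, 1 otherwise; prints one line per finding.
audit_ftpd_cnf() {
    cnf=$1; rc=0
    cert=$(cnf_get "$cnf" CERTIFICATE)
    key=$(cnf_get "$cnf" CERTIFICATE_PRIVATE_KEY)
    [ -n "$cert" ] && [ -r "$cert" ] || { echo "FAIL CERTIFICATE missing or unreadable: $cert"; rc=1; }
    if [ -n "$key" ] && [ -f "$key" ]; then
        # The procedure runs chmod 600 on the key; ls -l keeps this portable.
        mode=$(ls -l "$key" | cut -c1-10)
        [ "$mode" = "-rw-------" ] || { echo "FAIL key mode is $mode, expected -rw-------"; rc=1; }
    else
        echo "FAIL CERTIFICATE_PRIVATE_KEY missing: $key"; rc=1
    fi
    for proto in SSLv3 TLSv1 TLSv1.1; do
        val=$(cnf_get "$cnf" "$proto")
        [ "$val" = "NO" ] || { echo "FAIL $proto is '${val:-unset}', expected NO"; rc=1; }
    done
    # Only the presence of CIPHER_LIST is checked; its value is site-specific.
    [ -n "$(cnf_get "$cnf" CIPHER_LIST)" ] || { echo "FAIL CIPHER_LIST not set"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK $cnf"
    return "$rc"
}

# Constructed sample (not from a real host): the TLSv1.1 line is absent, so the audit fails.
demo_constructed() {
    demo_dir=$(mktemp -d) || return 2
    : > "$demo_dir/cert.pem"; : > "$demo_dir/key.pem"; chmod 600 "$demo_dir/key.pem"
    printf '%s\n' "CERTIFICATE $demo_dir/cert.pem" "CERTIFICATE_PRIVATE_KEY $demo_dir/key.pem" \
        "CIPHER_LIST placeholder" "SSLv3 NO" "TLSv1 NO" > "$demo_dir/ftpd.cnf"
    audit_ftpd_cnf "$demo_dir/ftpd.cnf"; st=$?
    rm -rf "$demo_dir"; return "$st"
}

# Usage on a configured host: audit_ftpd_cnf /etc/ftpd.cnf
```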
If the instructions in this document do not lead to resolution of the problem, follow these instructions to open a case. The product must be under warranty or have an active and valid support contract.
a. Document or take screen captures of all symptoms, errors, or messages.
b. Capture any logs or data relevant to the issue.
c. Contact IBM® to open a case.
d. Provide a detailed description of the issue and reference this technote.
e. Upload all of the details and data to the case.
-You can attach files to the case in the IBM® Support Community, or
08 October 2020