On Mon, Jan 26, 2009 at 10:26 PM, West, John C <john.c.w...@citizensbank.com> wrote:
> I have a keystore (conf/keystore.jks) with one certificate:
> % keytool -list -keystore conf/keystore.jks
> Enter keystore password: password
>
> Keystore type: jks
> Keystore provider: IBMJCE
>
> Your keystore contains 1 entry
>
> xfer, Jan 26, 2009, trustedCertEntry,
> Certificate fingerprint (MD5):
> 80:40:2D:97:25:20:AD:50:BE:9D:06:CA:B0:77:CA:EB

This is not sufficient, you need to have at least a key for the server to use. You can generate this using keytool -genkey.

> My ftpd.xml has the following configuration:
>
> <listeners>
> <nio-listener name="default" port="30021"
> implicit-ssl="true">
> <ssl protocol="SSL"
> client-authentication="WANT">

Normally, you do not need these attributes.

> <keystore file="conf/keystore.jks"
> password="password" key-alias="xfer" algorithm="IbmX509" />

You do not need the key-alias attribute if the keystore only contains your key. I'm not sure if you need the algorithm, but I would not think so.

> <truststore file="conf/keystore.jks"
> password="password" algorithm="IbmX509" />

Again, algorithm might not be needed.

That should be it, let us know if it helps or not. We can probably improve our error logging in this area, I'll have a look at that after 1.0.

/niklas
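
The problem discussed in this thread (a keystore that holds only a trustedCertEntry and no key) can be checked before the server is started. The following is an added example, not part of the original messages and not Apache FtpServer code; the class name KeystoreKeyCheck is hypothetical, and the default path, password and JKS type are the ones quoted in the thread.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;

// Added example (not from the thread or from Apache FtpServer).
// KeystoreKeyCheck is a hypothetical name. It reports, per alias, whether a
// keystore entry holds a key or only a trusted certificate, and exits
// non-zero when the keystore has no key entry for the server to use.
public class KeystoreKeyCheck {

    // Prints the kind of each entry and returns how many entries hold a key.
    static int countKeyEntries(KeyStore ks) throws Exception {
        int keys = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                keys++;
                System.out.println(alias + ": key entry (usable as server identity)");
            } else if (ks.isCertificateEntry(alias)) {
                System.out.println(alias + ": trustedCertEntry (trust only, no private key)");
            }
        }
        return keys;
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the path and password quoted in the thread.
        String path = args.length > 0 ? args[0] : "conf/keystore.jks";
        char[] password = (args.length > 1 ? args[1] : "password").toCharArray();

        // The keytool listing in the thread reports "Keystore type: jks".
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }

        if (countKeyEntries(ks) == 0) {
            System.err.println("No key entry found: the SSL listener has no server key. "
                    + "Generate one with keytool -genkey.");
            System.exit(1);
        }
    }
}
```

Run against the keystore from the original message, this would list xfer as a trustedCertEntry and exit with status 1.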