That's what I thought, but he was insistent that the cert is all that's
required.

I generated a new key and installed it, but it still didn't work. It
turned out that the subsequent issue was caused by the client not
playing well with implicit-ssl=true. I changed that and everything works
fine now.

Thanks for your help.



-----Original Message-----
From: Niklas Gustavsson [mailto:[email protected]] 
Sent: Monday, January 26, 2009 4:43 PM
To: [email protected]
Subject: Re: SSL setup problems...

On Mon, Jan 26, 2009 at 10:26 PM, West, John C
<[email protected]> wrote:
> I have a keystore (conf/keystore.jks) with one certificate:
> % keytool -list -keystore conf/keystore.jks
> Enter keystore password:  password
>
> Keystore type: jks
> Keystore provider: IBMJCE
>
> Your keystore contains 1 entry
>
> xfer, Jan 26, 2009, trustedCertEntry,
> Certificate fingerprint (MD5): 80:40:2D:97:25:20:AD:50:BE:9D:06:CA:B0:77:CA:EB

This is not sufficient, you need to have at least a key for the server
to use. You can generate this using keytool -genkey.

> My ftpd.xml has the following configuration:
>
>        <listeners>
>                <nio-listener name="default" port="30021" implicit-ssl="true">
>                        <ssl protocol="SSL" client-authentication="WANT">

Normally, you do not need these attributes.

>                        <keystore file="conf/keystore.jks" password="password"  key-alias="xfer" algorithm="IbmX509" />

You do not need the key-alias attribute if the keystore only contains
your key. I'm not sure if you need the algorithm, but I would not think
so.

>                        <truststore file="conf/keystore.jks" password="password" algorithm="IbmX509" />

Again, algorithm might not be needed.

That should be it, let us know if it helps or not. We can probably
improve our error logging in this area, I'll have a look at that after
1.0.

/niklas
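
An added example, not part of the original thread: a small Python check that reads `keytool -list` output and reports whether the keystore holds a private key the listener can use, and whether the configured `key-alias` points at one. The function names are hypothetical, and the second listing is constructed to show what the output looks like after `keytool -genkey`.

```python
import re

# Entry types keytool prints for entries holding a private key
# ("keyEntry" in older JDKs, "PrivateKeyEntry" in newer ones).
KEY_ENTRY_TYPES = {"keyentry", "privatekeyentry"}

# A listing line looks like: "alias, Jan 26, 2009, trustedCertEntry,"
ENTRY_RE = re.compile(r"^(?P<alias>[^,]+),\s.*?,\s*(?P<type>\w+Entry),?\s*$")

def parse_keytool_list(text):
    """Return {alias: entry_type} parsed from `keytool -list` output."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group("alias").strip()] = m.group("type")
    return entries

def check_server_keystore(text, key_alias=None):
    """List the problems that stop an SSL listener from using this keystore."""
    entries = parse_keytool_list(text)
    keys = [a for a, t in entries.items() if t.lower() in KEY_ENTRY_TYPES]
    problems = []
    if not keys:
        problems.append("no private key entry; only certificates are present")
    if key_alias is not None:
        if key_alias not in entries:
            problems.append(f"key-alias '{key_alias}' not found in keystore")
        elif key_alias not in keys:
            problems.append(f"key-alias '{key_alias}' is a {entries[key_alias]}, not a key")
    return problems

# Listing quoted in the thread: a single trusted certificate, no key.
LISTING_FROM_THREAD = """\
Keystore type: jks
Keystore provider: IBMJCE

Your keystore contains 1 entry

xfer, Jan 26, 2009, trustedCertEntry,
Certificate fingerprint (MD5): 80:40:2D:97:25:20:AD:50:BE:9D:06:CA:B0:77:CA:EB
"""

# Constructed listing: the same alias after a key pair has been generated.
LISTING_AFTER_GENKEY = "Your keystore contains 1 entry\n\nxfer, Jan 27, 2009, keyEntry,\n"

if __name__ == "__main__":
    for name, text in [("thread", LISTING_FROM_THREAD), ("after genkey", LISTING_AFTER_GENKEY)]:
        print(name, check_server_keystore(text, key_alias="xfer") or "OK")
```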


