On the Linux side, using openssl to generate a x509 server certificate in /etc/ssl/private/. On the VM side, I get the certificate section, copy to bfs, and import via the gskkyman utility using an upper-case label for SSLSERV.
> -----Original Message----- > From: The IBM z/VM Operating System > [mailto:ib...@listserv.uark.edu] On Behalf Of Egnot, Ronald T. (FBI) > Sent: Thursday, June 17, 2010 4:59 PM > To: IBMVM@LISTSERV.UARK.EDU > Subject: Re: Getting ftps to work > > How are the PKI certificates configured on the z/VM system? > > Using certificate authority or self-signed certificates? > > Did you import the public keys for z/VM using the gskkyman > utility of the GSKADMIN machine? > > Ronald Egnot > Operating System Support Unit > Federal Bureau of Investigation > > -----Original Message----- > From: The IBM z/VM Operating System > [mailto:ib...@listserv.uark.edu] On Behalf Of Mrohs, Ray > Sent: Thursday, June 17, 2010 9:27 AM > To: IBMVM@LISTSERV.UARK.EDU > Subject: Getting ftps to work > > Hi, > > I am trying to get the ftps client to work in z/VM 5.4 going > to a SLES11 server. So far, pure-ftpd secures the control > channel only. Data channel security isn't supported in the > SLES11 distribution version, and due to our site's aggressive > scanning policies, I'm not eager to support a separately > maintained product. > > The vsftpd server, which does control and data channel > encryption, won't connect to the VM ftps client at all. > SSLSERV displays: DTCSSL022E Handshake failed: rc: 410 > reason: SSL message format is incorrect > Yet I can connect to the vsftpd server via desktop Filezilla > using TLS. VM can connect just fine to either server in the > clear. > > Has anyone worked with this before, and is there a config > setting that I might have missed? I'd like to get vsftpd to > work, as opposed to installing a separate ftp. > > Ray Mrohs > U.S. Department of Justice > 202-307-6896 >