Configuring a Certificate
You can modify specific parameters in the config.txt file to use an SSL certificate.
Before you begin
Before modifying the config.txt file, ensure that you have received a certificate from your certificate authority.
Procedure
- On the command line, navigate to the $CFROOT/config directory.
- Open the config.txt file by using any text editor.
- Navigate to the SSL Communication Additional Parameters part in both SERVER and CLIENT sections.
- Configure the following parameters according to your certificate:
  - CertificateFileName
  - PrivateKeyFileName
  - PrivateKeyPwdFileName
  - TrustedAuthorityFileName

  The following is an example of the SSL Communication Additional Parameters part in the SERVER section:

    # SSL Communication Additional Parameters.
    SSLPort:                  56565
    SSLPortIPv6:              N   { N, IPv6 Port }
    TunnelPort:               58585
    TunnelPortIPv6:           N   { N, IPv6 Port }
    ClientVerification:       Y   { N, Y }
    CertificateFileName:      /mftps/certs/cert.test
    PrivateKeyFileName:       /mftps/certs/privatekey.test
    PrivateKeyPwdFileName:    /mftps/certs/passwordfile
    TrustedAuthorityFileName: /mftps/certs/certauth.all
    AuthorizationFileName:    N   { N, FileName }
    SSLTraceLevel:            N   { N, Y }
    SSLTracePath:             /mftps/trace/SSLResponder   { N, Path }
    CheckCRL:                 N   { N, Y }
    CAPath:
    SSLEnabledProtocols:      TLSV1,TLSV1.1,TLSV1.2   {TLSV1,TLSV1.1,TLSV1.2}
    Ciphers:                  HIGH   { openssl_cipher_list }

  The following is an example of the SSL Communication Additional Parameters part in the CLIENT section:

    # SSL Communication. Additional Parameters.
    CertificateFileName:      /mftps/certs/cert.test
    PrivateKeyFileName:       /mftps/certs/privatekey.test
    PrivateKeyPwdFileName:    /mftps/certs/passwordfile
    TrustedAuthorityFileName: /mftps/certs/certauth.all
    SSLTraceLevel:            N   { N, Y }
    SSLTracePath:             /mftps/trace/SSLInitiator   { N, Path }
    CheckCRL:                 N   { N, Y }
    CAPath:
    SSLEnabledProtocols:      TLSV1,TLSV1.1,TLSV1.2   {TLSV1,TLSV1.1,TLSV1.2 }
    Ciphers:                  HIGH   { openssl_cipher_list }
- After SSL parameters are configured, use cfstart -ssl and/or cfstart -tunnel to start the CyberResp daemon in SSL or Tunnel mode and enable transfers in SSL or Tunnel mode.
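
A pre-start check for the parameters configured above, written as an added example; it is not part of the product or its documentation. It assumes the input is the text of one SERVER or CLIENT section, and that an empty value or N means a parameter is unset; the function names parse_ssl_params and audit are hypothetical.

```python
import os
import re

# Constructed sample: security-relevant lines from the SERVER example above.
SAMPLE = """\
# SSL Communication Additional Parameters.
CertificateFileName:      /mftps/certs/cert.test
PrivateKeyFileName:       /mftps/certs/privatekey.test
PrivateKeyPwdFileName:    /mftps/certs/passwordfile
TrustedAuthorityFileName: /mftps/certs/certauth.all
CheckCRL:                 N   { N, Y }
CAPath:
SSLEnabledProtocols:      TLSV1,TLSV1.1,TLSV1.2   {TLSV1,TLSV1.1,TLSV1.2}
"""

REQUIRED = ("CertificateFileName", "PrivateKeyFileName",
            "PrivateKeyPwdFileName", "TrustedAuthorityFileName")
SECRET_FILES = ("PrivateKeyFileName", "PrivateKeyPwdFileName")
DEPRECATED = {"TLSV1", "TLSV1.1"}  # TLS 1.0 and 1.1, deprecated by RFC 8996
# "Name: value { allowed values }"; comment lines (#) do not match.
LINE = re.compile(r"^\s*(\w+):\s*(.*?)\s*(?:\{.*\})?\s*$")

def parse_ssl_params(text):
    """Return {parameter: value} with the trailing {...} hints removed."""
    matches = (LINE.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def audit(params):
    """Return a list of findings for one SERVER or CLIENT section."""
    findings = []
    for key in REQUIRED:
        # Assumption: an empty value or "N" means the parameter is unset.
        if params.get(key, "") in ("", "N"):
            findings.append(f"{key} is not set")
    for key in SECRET_FILES:
        path = params.get(key, "")
        # Key material should be accessible to the owning account only.
        if os.path.isfile(path) and os.stat(path).st_mode & 0o077:
            findings.append(f"{key} is accessible to group or others")
    protocols = params.get("SSLEnabledProtocols", "").upper().split(",")
    for proto in sorted(DEPRECATED.intersection(p.strip() for p in protocols)):
        findings.append(f"SSLEnabledProtocols includes deprecated {proto}")
    if params.get("CheckCRL", "N").upper() != "Y":
        findings.append("CheckCRL is not Y: CRL checking is off")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_ssl_params(SAMPLE)):
        print("WARN:", finding)
```

Run it against each section before cfstart -ssl or cfstart -tunnel; an empty result means none of these checks fired, not that the certificate chain itself is valid.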