Configuring a Certificate

You can modify specific parameters in the config.txt file to use an SSL certificate.

Before you begin

Before modifying the config.txt file, ensure that you have received a certificate from your certificate authority.

Procedure
  1. On the command line, navigate to the $CFROOT/config directory.
  2. Open the config.txt file by using any text editor.
  3. Navigate to the SSL Communication Additional Parameters part in both SERVER and CLIENT sections.
  4. Configure the following parameters according to your certificate:
    CertificateFileName
    PrivateKeyFileName
    PrivateKeyPwdFileName
    TrustedAuthorityFileName
    The following is an example of the SSL Communication Additional Parameters part in the SERVER section:
    # SSL Communication Additional Parameters.  
    SSLPort:                  56565 
    SSLPortIPv6:              N                          { N, IPv6 Port }
    TunnelPort:               58585
    TunnelPortIPv6:           N                          { N, IPv6 Port }
    ClientVerification:       Y                                  { N, Y }
    CertificateFileName:      /mftps/certs/cert.test	 
    PrivateKeyFileName:       /mftps/certs/privatekey.test
    PrivateKeyPwdFileName:    /mftps/certs/passwordfile
    TrustedAuthorityFileName: /mftps/certs/certauth.all 
    AuthorizationFileName:    N                           { N, FileName }
    SSLTraceLevel:            N                                  { N, Y } 
    SSLTracePath:             /mftps/trace/SSLResponder       { N, Path } 
    CheckCRL:                 N                                  { N, Y }
    CAPath:                                                            
    SSLEnabledProtocols:    TLSV1,TLSV1.1,TLSV1.2 {TLSV1,TLSV1.1,TLSV1.2} 
    Ciphers:                  HIGH                { openssl_cipher_list } 
    
    The following is an example of the SSL Communication Additional Parameters part in the CLIENT section:
    # SSL Communication. Additional Parameters. 
    CertificateFileName:      /mftps/certs/cert.test	 
    PrivateKeyFileName:       /mftps/certs/privatekey.test
    PrivateKeyPwdFileName:    /mftps/certs/passwordfile
    TrustedAuthorityFileName: /mftps/certs/certauth.all
    SSLTraceLevel:            N                                 { N, Y } 
    SSLTracePath:             /mftps/trace/SSLInitiator      { N, Path }
    CheckCRL:                 N                                  { N, Y }
    CAPath:
    SSLEnabledProtocols:    TLSV1,TLSV1.1,TLSV1.2 {TLSV1,TLSV1.1,TLSV1.2}
    Ciphers:                  HIGH                { openssl_cipher_list }
  5. After the SSL parameters are configured, use cfstart -ssl and/or cfstart -tunnel to start the CyberResp daemon in SSL or Tunnel mode and enable transfers in that mode.
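
A pre-flight check for the parameters set in this procedure, as an added example that is not part of the original documentation or the product: it parses an SSL parameter block in the layout shown above and reports missing files, key or password files accessible to group or others, TLS 1.0/1.1 left enabled, and CRL checking turned off. Treating an empty value or N as "not set" for the file parameters is an assumption, and the sample block and its temporary files are constructed.

```python
import os, re, stat, tempfile

FILE_PARAMS = ("CertificateFileName", "PrivateKeyFileName",
               "PrivateKeyPwdFileName", "TrustedAuthorityFileName")
SECRET_PARAMS = ("PrivateKeyFileName", "PrivateKeyPwdFileName")
LEGACY_PROTOCOLS = {"TLSV1", "TLSV1.1"}  # TLS 1.0/1.1, deprecated by RFC 8996

def parse_ssl_params(text):
    """Parse 'Name: value { allowed values }' lines; the { } hint is dropped."""
    params = {}
    for line in text.splitlines():
        m = re.match(r"(\w+):\s*(.*)$", line.strip())
        if m:  # comment and blank lines do not match
            params[m.group(1)] = re.sub(r"\s*\{.*\}\s*$", "", m.group(2)).strip()
    return params

def audit_ssl_params(params):
    """Return findings for one SERVER or CLIENT SSL parameter block."""
    findings = []
    for name in FILE_PARAMS:
        path = params.get(name, "")
        if path in ("", "N"):  # assumption: empty or N means "not configured"
            findings.append(f"{name}: not set")
        elif not os.path.isfile(path):
            findings.append(f"{name}: {path} not found")
        elif name in SECRET_PARAMS and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append(f"{name}: {path} is accessible to group or others")
    protocols = {p.strip().upper() for p in params.get("SSLEnabledProtocols", "").split(",")}
    legacy = sorted(protocols & LEGACY_PROTOCOLS)
    if legacy:
        findings.append("SSLEnabledProtocols: legacy " + ",".join(legacy) + " enabled")
    if params.get("CheckCRL", "N").upper() != "Y":
        findings.append("CheckCRL: revocation checking is off")
    return findings

def demo():
    d = tempfile.mkdtemp()  # constructed placeholder files, no real key material
    for fname, mode in (("cert.test", 0o644), ("privatekey.test", 0o640),
                        ("passwordfile", 0o600)):
        path = os.path.join(d, fname)
        open(path, "w").close()
        os.chmod(path, mode)
    return audit_ssl_params(parse_ssl_params(f"""# constructed sample block
CertificateFileName:      {d}/cert.test
PrivateKeyFileName:       {d}/privatekey.test
PrivateKeyPwdFileName:    {d}/passwordfile
TrustedAuthorityFileName: {d}/certauth.all
CheckCRL:                 N                                  {{ N, Y }}
SSLEnabledProtocols:    TLSV1,TLSV1.1,TLSV1.2 {{TLSV1,TLSV1.1,TLSV1.2}}
"""))
```

Run audit_ssl_params(parse_ssl_params(...)) on the SERVER and CLIENT blocks separately before starting the daemon; an empty list means none of these checks fired.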