On Mon, Jan 26, 2009 at 10:26 PM, West, John C
<john.c.w...@citizensbank.com> wrote:
> I have a keystore (conf/keystore.jks) with one certificate:
> % keytool -list -keystore conf/keystore.jks
> Enter keystore password:  password
> Keystore type: jks
> Keystore provider: IBMJCE
> Your keystore contains 1 entry
> xfer, Jan 26, 2009, trustedCertEntry,
> Certificate fingerprint (MD5):
> 80:40:2D:97:25:20:AD:50:BE:9D:06:CA:B0:77:CA:EB

This is not sufficient, you need to have at least a key for the server
to use. You can generate this using keytool -genkey.

> My ftpd.xml has the following configuration:
>        <listeners>
>                <nio-listener name="default" port="30021"
> implicit-ssl="true">
>                        <ssl protocol="SSL"
> client-authentication="WANT">

Noramlly, you do not need these attributes.

>                        <keystore file="conf/keystore.jks"
> password="password"  key-alias="xfer" algorithm="IbmX509" />

You do not need the key-alias attribute if the keystore only contains
your key. I'm not sure if you need the algorithm, but I would not
think so.

>                        <truststore file="conf/keystore.jks"
> password="password" algorithm="IbmX509" />

Again, algorithm might not be needed.

That should be it, let us know if it helps or not. We can probably
improve our error logging in this area, I'll have a look at that after


Reply via email to