1839308 Members
2736 Online
110138 Solutions
New Discussion

copy /ftp/ssl issue

 
SOLVED
Go to solution
stephenbrayshaw
Advisor

copy /ftp/ssl issue

I am trying to use copy/ftp/ssl from one OpenVMS machine to another.

Both machines are running OpenVMS 8.4-2L1 & TCPIP 5.7-13ECO5F.

When I run it I get the following errors

TCPIP$_FTP_SSLERR, SSL not enabled on server
TCPIP$_FTP_SSLERR, Session will continue in plain text

How do I change the FTP server config to have the SSL enabled?

3 REPLIES 3
Steven Schweda
Honored Contributor
Solution

Re: copy /ftp/ssl issue

> How do I change the FTP server config to have the SSL enabled?

   I wish (slightly) that I knew.  Around here (hobbyist):

ITS $ tcpip show version

  HP TCP/IP Services for OpenVMS Industry Standard 64 Version V5.7 - ECO 5
  on an HP rx2600  (1.50GHz/6.0MB) running OpenVMS V8.4    

And my FTP log (sys$sysdevice:[tcpip$ftp]tcpip$ftp_run.log) always
begins with:

 Certificate file not found
TCPIP$_FTP_NOSSL, FTP over SSL not supported

   There seems to be some relevant stuff in a "Release Notes" doc:

      https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c04623347

      1.2.3.1 Configuring an FTP server for SSL

         To configure an FTP server and to allow the FTP server to
         handle incoming client connections which are over SSL, the
         certificates and keys must be copied at the following location:

         Certificate file : SSL$CERTS:SERVER.CRT
         Key file: SSL$KEYS:SERVER.KEY

        The key and certificate file of the server must be placed in
        this directory and must be named as SERVER.CRT and SERVER.KEY.
        During the FTP server startup, if it does not find either the
        key or the certificate file in the required location, the FTP
        server will not support SSL.

   There might be some guidance somewhere as to how to obtain/generate
these files, but you couldn't prove it by me.

stephenbrayshaw
Advisor

Re: copy /ftp/ssl issue

Thank you very much Steven,

That was the fix, although I used the SSL1$ directories instead of the SSL$ ones.

I used @SSL1$COM:SSL1$CERT_TOOL to generate the self-signed cert.

Steven Schweda
Honored Contributor

Re: copy /ftp/ssl issue

> That was the fix, although I used the SSL1$ directories instead of the
> SSL$ ones.

   Your stuff being newer than mine might matter.  I used the SSL1 tool
to generate the files, but my FTP server seemed to look for them only in
the (plain-old) SSL directory.

   Thanks for filling in the CERT_TOOL detail.