Specifies configuration parameters of the ftp command to start a transport layer security (TLS) session.
The $HOME/.ftpcnf file is an ASCII file that contains configuration parameters of the ftp command to set up a TLS session.
The $HOME/.ftpconf file contains the following entries separated by spaces, tabs, or new lines:
Item | Description |
---|---|
CRL_PATH | Specifies the path to the certificate-revocation-list file in privacy enhanced mail (PEM) format. If you specify the CRL_PATH entry, the digital certificate that the server provides is verified against the certificate revocation list. If the certificate has been revoked, the TLS session fails. If you do not specify the CRL_PATH entry, the digital certificate is not verified against a certificate revocation list. |
CA_PATH | Specify the path to the trusted certificate-authority file in PEM format. If you specify the CA_PATH entry, the server certificate is verified against the certificate authority. If the certificate authority has not signed the digital certificate that the server provides, the TLS session fails. If you do not specify the CA_PATH entry, the digital certificate that the server provides is not verified against a trusted certificate authority. |
CIPHER_LIST | Specifies the list that is used during the TLS session. If you do not specify the CIPHER_LIST entry, a default cipher list is used. |
DEPHT | Verifies the certificate that the ftpd server provides in the digital certificate hierarchy, if you have specified the CA_PATH configuration parameter. If you do not provide the DEPHT entry, a default value of 9 is used. |
CERTIFICATE | Specifies the path to a valid chain of digital certificates in PEM format. If you specify the CERTIFICATE entry, the ftp command uses the digital certificate chain during the TLS session. |
CERTIFICATE_PRIVATE_KEY | Specifies the path to the private key corresponding to the certificate in PEM format. |
The following is an example of an entry in the .ftpconf file:
CRL_PATH /home/USERNAME/crl.pem
CA_PATH /home/USERNAME/ca.pem
CIPHER_LIST ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
DEPHT 2
CERTIFICATE /home/USERNAME/cert.pem
CERTIFICATE_PRIVATE_KEY /home/USERNAME/privatekey.pem
Item | Description |
---|---|
/usr/samples/tcpip/.ftpcnf | Sample .ftpcnf file. |