The -tlsCertificateChainFile option is used to specify a file in which all certificates can be stored which are required for verification of the server certificate. The first certificate in this file is the server certificate. The remaining certificates must form an unbroken chain, starting with the certificate of the CA which issued the server certificate, through to the root certificate of a CA which can be verified directly by the FTP client. The certificates in the chain must be sorted in such a way that the root certificate is in last place.
The specified file is only required if the server certificate was issued by a CA that is not known to the FTP clients and verification can thus not be performed by the FTP clients without the certificate chain being sent. This mechanism requires that RSA and DSA certificates should not be used simultaneously for the server, as the file is used for both variants.
-tlsCertificateChainFile |
<file-name 1..54> | *NONE |
<file-name 1..54>
Name of the file in which all certificates are stored which are required for verification of the server certificate.
*NONE
No file is specified.
*NONE is the default.