diff --git a/vsftpd-support-dsa-only-setups.patch b/vsftpd-support-dsa-only-setups.patch
new file mode 100644
index 0000000..32bc8a2
--- /dev/null
+++ b/vsftpd-support-dsa-only-setups.patch
@@ -0,0 +1,18 @@
+Index: vsftpd-3.0.3/vsftpd.conf
+===================================================================
+--- vsftpd-3.0.3.orig/vsftpd.conf 2018-06-21 11:01:12.125258812 +0000
++++ vsftpd-3.0.3/vsftpd.conf 2018-06-21 11:04:43.355979116 +0000
+@@ -188,8 +188,12 @@ listen=NO
+ # Make sure, that one of the listen options is commented !!
+ listen_ipv6=YES
+ #
+-# Set to ssl_enable=YES if you want to enable SSL
++# Set "ssl_enable=YES" to enable SSL support and configure the location of
++# your local certificate (RSA, DSA, or both). Note that vsftpd won't start
++# if either of the "xxx_cert_file" options sets a path that doesn't exist.
+ ssl_enable=NO
++rsa_cert_file=
++dsa_cert_file=
+ #
+ # Limit passive ports to this range to assis firewalling
+ pasv_min_port=30000
diff --git a/vsftpd.changes b/vsftpd.changes
index 33b0f9f..2917dc6 100644
--- a/vsftpd.changes
+++ b/vsftpd.changes
@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Thu Jun 21 11:06:33 UTC 2018 - psimons@suse.com
+
+- Apply "vsftpd-support-dsa-only-setups.patch" to disable the
+ problematic default setting for rsa_cert_file. Upstream
+ initializes that value to "/usr/share/ssl/certs/vsftpd.pem" and
+ vsftpd won't start up if that file does not exist (or if does not
+ contain an RSA certificate). Therefore, users who copy a DSA
+ certificate into that location or properly configure a DSA
+ certificate via dsa_cert_file without explicitly disabling the
+ RSA certificate won't be able to start vsftpd. [bsc#975538]
+
 -------------------------------------------------------------------
 Wed May 16 15:25:02 UTC 2018 - psimons@suse.com
diff --git a/vsftpd.spec b/vsftpd.spec
index 8f60847..2ace60e 100644
--- a/vsftpd.spec
+++ b/vsftpd.spec
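Review bot: In the vsftpd.conf hunk carried by vsftpd-support-dsa-only-setups.patch, the new comment warns about paths that do not exist but not about the opposite case that the added `rsa_cert_file=` / `dsa_cert_file=` lines create: an admin who only flips `ssl_enable=YES` now has no certificate configured at all. Presumably the daemon then starts and TLS sessions fail at handshake time rather than at startup (worth confirming against the patched build), so I would add `# With ssl_enable=YES at least one of the two options below must name an existing certificate file.` above `ssl_enable=NO`. One more comment line could say that DSA certificates are a legacy choice, since TLS 1.3 has no DSA certificate support and many current clients reject them, so new setups should fill in `rsa_cert_file`.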
@@ -83,6 +83,7 @@ Patch28: vsftpd-die-with-session.patch
 Patch29: vsftpd-append-seek-pipe.patch
 Patch30: vsftpd-3.0.3-address_space_limit.patch
 Patch31: vsftpd-enable-syscalls-needed-by-sle15.patch
+Patch32: vsftpd-support-dsa-only-setups.patch
 BuildRequires: libcap-devel
 BuildRequires: libopenssl-devel
 BuildRequires: pam-devel
@@ -146,6 +147,7 @@ tests.
 %patch29 -p1
 %patch30 -p1
 %patch31 -p1
+%patch32 -p1
 %build
 %define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP