The main Moto of this blog was which explains FTP Secure configuration.
FTPS (also known as FTP Secure and FTP-SSL) is an extension to the commonly used File Transport Protocol(FTP) that's adds support for the Transport Layer Security(TLS) and the Secure Sockets Layer(SSL) cryptographic protocols.
FTPS should not be confused with the SSH File Transfer Protocol (SFTP), an incompatible secure File transfer sub system for the Secure Shell (SSH) protocol. It is also different from the Secure FTP, the practice of tunneling FTP through an SSH Connection.
I am not going to compare FTPS with SFTP, and not going to discuss about SFTP, already blogs available on the same. (SFTP with PI the openSSH way).
Before configuring Communication channel, we have to deploy the certificates
1) SAP Java Cryptographic Toolkit has to be deployed in J2EE Engine.
2) Public key Certificate (SSL Certificate) which is provided by FTPS Server has to be deployed in J2EE Engine.
3) The CA certificate used to sign the server certificate must be added to the Trusted As key store view in J2EE Engine. (For PI7.1/7.0 no needs to deploy these toolkit and CA certificate. Because those will be already present in the Server itself).
Take basis people help to deploy required certificates in PI J2EE server.
Refer below link for more info
http://help.sap.com/saphelp_nwpi71/helpdata/EN/e9/a1dd44d2c83c43afb5ec8a4292f3e0/frameset.htm
1) Crete communication channel.
2) Select Connection security
FTPS (FTP Using/TLS) for control connection: The FTP control connection is protected using TLS/SSL (Transport Layer Security/Secure Sockets Layer).File transfer is unencrypted.
FTPS (FTP Using SSL/TLS) for Control and Data Connection:
All communication with the FTP server is encrypted and uses TLS/SSL.
3) In Command Order Specifies the sequence of commands used to authenticate and secure the connection. Retain the default setting. Only adjust the sequence of commands to match those expected of the FTP server if you encounter problems with the FTP connection.
AUTH TLS: Defines the authentication mechanism used for the current FTP session.
USER: Sends a User Logon ID to the Server
PASS: Sends a Password to the Server
PBSZ: Defines the largest buffer protection buffer size to be used for application-level encoded data sent or received on the data connection.
PROT : Defines the protection used for FTP data connections.
4) Use X.509 Certificate for Client Authentication, Set this indicator if the adapter, in contrast to the FTP server, is to use X.509 certificate and public-key cryptography to authenticate itself. The corresponding key/certificate pair must previously be saved in a keystore view of the J2EE server.
Give The Details in KeyStore and x.509 Certificate by selecting the help. If we already deployed the Certificates in J2EE Engine, help will be provided and we have to select from that as shown below.
Enter the Keystore and the X.509 Certificate and Private Key. To do this, you can use the input help.
Keystore contains certificates that are used for authentication and encryption.
5) An X.509 client certificate is a digital "identification card" for use in the Internet, also known as a public-key certificate. So public key Certificate has to be selected.
6) Final configuration looks like below.
The FTPS configuration for both sender and receiver communication channels is similar.
9 Comments
