Brief instructions are as follows:
You need to have Digital Certificate Manager, HTTP Server and Cryptographic Support (ACn) licensed programs installed.
On the server, use DCM to
a) Create the *SYSTEM certificate store
b) define the server as a local CA - create local CA certificate
c) create a self-signed certificate (signed by local CA)
d) assign the certificate to the OS/400 TCP/IP FTP server application
e) optionally manage the application to request that client authentication is required.
Then
f) CHGFTPA to allow or force secure FTP
g) endtcpsvr *ftp and strtcpsvr *ftp
If you want to have a secure FTP from iSeries to iSeries, the FTP client must be V5R2 as this is the 1st release where a secure FTP client became available (the secure server was available on V5R1 (and earlier?)).
You must additionally do the following steps
a) Export the local CA certificate from the server and copy to the client iSeries
b) Use WRKLNK to check that the CCSID hasn't changed during the copy. If necessary, edit the file through WRKLNK and use F15 to correct it.
c) Import the certificate into the *SYSTEM certificate store within DCM on the client.
d) Still in DCM, use Manage Applications -> Define a CA trust list, client apps, FTP Client to define a trust list for the client that includes the local CA imported from the server.
That's it. You should now be able to use secure FTP between the machines. For example, FTP RMTSYS(GBCATDEM) SECCNN(*SSL)
If you want to access a secure server from DOS, the normal DOS client can't do this. One suitable FTP client is SSLFTP, which can be downloaded from
http://netwinsite.com/surgeftp/download2.htm#sslftp
and documentation is here...
http://netwinsite.com/surgeftp/sslftp.htm#sslftpcommands
If you look at the documentation you'll see that you can record and play scripts using the SSLFTP -record and SSLFTP -run commands. Here's an example script:
open gbcatdem
bin
literal site namefmt 1
cd /myfolder
get ca.crt
quit
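Added example, not part of the original instructions: a Python check, run on the machine that received ca.crt, for the encoding damage that step b) and the script's "bin" transfer guard against. It assumes the exported CA file is base64 (PEM) or binary DER and uses cp037 as a representative EBCDIC code page; the function names and the sample data are constructed for illustration.

```python
import base64
import re

PEM_BEGIN = b"-----BEGIN CERTIFICATE-----"
PEM_END = b"-----END CERTIFICATE-----"


def pem_body_is_der(data: bytes) -> bool:
    """True if the base64 between the PEM markers decodes to a DER SEQUENCE."""
    m = re.search(re.escape(PEM_BEGIN) + rb"(.*?)" + re.escape(PEM_END), data, re.S)
    if not m:
        return False
    try:
        der = base64.b64decode(b"".join(m.group(1).split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return der[:1] == b"\x30"  # every X.509 certificate starts with SEQUENCE


def classify_cert_bytes(data: bytes) -> str:
    """Classify a transferred CA file by how its bytes are encoded."""
    if PEM_BEGIN in data:
        return "pem-ascii" if pem_body_is_der(data) else "pem-ascii-damaged"
    # Assumption: cp037 stands in for the EBCDIC CCSID used on the system.
    as_ascii = data.decode("cp037").encode("ascii", "replace")
    if PEM_BEGIN in as_ascii:
        return "pem-ebcdic"  # text was converted; trust-store import will not see PEM
    if data[:1] == b"\x30":
        return "der"
    return "unknown"


# Constructed sample data: a tiny DER SEQUENCE, not a real certificate.
FAKE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
SAMPLE_PEM = PEM_BEGIN + b"\n" + base64.b64encode(FAKE_DER) + b"\n" + PEM_END + b"\n"
SAMPLE_EBCDIC = SAMPLE_PEM.decode("ascii").encode("cp037")

if __name__ == "__main__":
    import sys
    # Usage: python check_ca.py ca.crt
    with open(sys.argv[1], "rb") as fh:
        print(classify_cert_bytes(fh.read()))
```

A result of "pem-ebcdic" or "pem-ascii-damaged" means the file was altered in transit and should be re-exported or re-transferred before it is imported into a trust list.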
Incidentally some information about TLS in an iSeries secure FTP environment can be found here:
http://publib.boulder.ibm.com/iseries/v5r2/ic2924/index.htm?info/rzaiq/rzaiqtlsssl.htm