log inhelp

 | 

  • If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • You already know Dokkio is an AI-powered assistant to organize & manage your digital files & messages. Very soon, Dokkio will support Outlook as well as One Drive. Check it out today!

View
 

Secure FTP

Page history last edited by PBworks 16 years, 5 months ago

Brief instructions are as follows:

 

You need to have Digital Certificate Manager, HTTP Server and Cryptographic Support (ACn) licensed programs installed.

 

On the server, use DCM to

a) Create the *SYSTEM certificate store

b) define the server as a local CA - create local CA certificate

c) create a self-signed certificate (signed by local CA)

d) assign the certificate to the OS/400 TCP/IP FTP server application

e) optionally manage the application to request that client authentication is required.

Then

f) CHGFTPA to allow or force secure FTP

g) endtcpsvr *ftp and strtcpsvr *ftp

 

If you want to have a secure FTP from iSeries to iSeries, the FTP client must be V5R2 as this is the 1st release where a secure FTP client became available (the secure server was available on V5R1 (and earlier?)).

You must additionally do the following steps

a) Export the local CA certificate from the server and copy to the client iSeries

b) Use WRKLNK to check that the CCSID hasn't changed during the copy. If necessary edit the file through WRKLNK and sue F15 to correct.

c) Import the certificate into the *SYSTEM certificate store within DCM on the client.

d) Still in DCM, use the manage applications- >define a CA trust list, client apps, FTP Client to define a trust list for the client that includes the local CA imported from the server.

 

That's it. You should now be able to use secure FTP between the machines. For example, FTP RMTSYS(GBCATDEM) SECCNN(*SSL)

 

If you want to access a secure server from DOS, the normal DOSn client can't do this. One suitable FTP client is SSLFTP which can be downloaded from

http://netwinsite.com/surgeftp/download2.htm#sslftp

 

and documentation is here...

http://netwinsite.com/surgeftp/sslftp.htm#sslftpcommands

 

If you look at the documentation you'll see that you can record and play scripts using the SSLFTP -record and SSLFTP -run commands. Here's an example script:

 

open gbcatdem

bin

literal site namefmt 1

cd /myfolder

get ca.crt

quit

 

Incidentally some information about TLS in an iSeries secure FTP environment can be found here:

http://publib.boulder.ibm.com/iseries/v5r2/ic2924/index.htm?info/rzaiq/rzaiqtlsssl.htm

Comments (0)

You don't have permission to comment on this page.

Printable version