IBM webMethods Hybrid Integration

SSL Certificate Generation for FTPS under MFT/Active Transfer Server

  • 1.  SSL Certificate Generation for FTPS under MFT/Active Transfer Server

    Posted Wed June 30, 2021 01:23 PM

    Dear Expert,
    We are planning to expose an FTPS port for end users to connect to our MFT Server. We have noticed that we need to specify an SSL certificate for this. Can you please suggest whether we need to follow any guidelines while generating this certificate, which later needs to be shared with the client? What is the best practice for generating the SSL certificate that should be specified in MFT under the FTPS port definition?


    #B2B-Integration
    #webMethods
    #Managed-File-Transfer


  • 2.  RE: SSL Certificate Generation for FTPS under MFT/Active Transfer Server

    Posted Thu July 01, 2021 01:59 PM

    Hi Kumar,

    The certificate can be generated using OpenSSL (check with your Security department about the details, i.e. key length and encryption algorithms). After you have created a Certificate Signing Request (CSR), you should get it certified by a trustworthy Certificate Authority (CA).

    See the IS Administrators Guide and/or the MFT Administrators Guide for details on how to apply the certificate to the host which provides the port.

    Regards,
    Holger


    #B2B-Integration
    #webMethods
    #Managed-File-Transfer


  • 3.  RE: SSL Certificate Generation for FTPS under MFT/Active Transfer Server

    Posted Thu July 01, 2021 11:58 PM

    Hi Saurav,

    In addition to Holger's reply, you can use ‘keytool’ in Java to manage certificates.
    Your security department might already have the required private certificate (keystore) signed by a trustworthy CA (Certificate Authority).

    If the server’s certificate is signed by a CA that the client also trusts, there’s no need to send certificates to the client.
    Clients will accept the server’s certificates based on their trust in the CA.
    Otherwise, you have to share the public key with the client, so that the client can validate/trust the server.

    Similarly, as a server, you should have either the clients’ public certificates or the certificates of the CA in the truststore to validate the clients.

    For certificate-based authentication of MFT users, you have the details in the ActiveTransfer guide.
    Please let us know if this answers your query.

    Regards
    Biswa


    #B2B-Integration
    #Managed-File-Transfer
    #webMethods
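
The workflow described in replies 2 and 3, as an added example that is not part of any post in this thread: create the key and CSR with OpenSSL, have the CSR signed, then check the returned certificate before bundling it into a keystore. It assumes OpenSSL 1.1.1 or later; the host name `mft.example.com`, the subject fields, the file names, the key sizes, the password and the throwaway "Demo Test CA" that stands in for your real CA are all constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Host name, subject, file names and key
# sizes are constructed placeholders; confirm key length with your security team.
set -eu

make_csr() {         # $1 = work dir, $2 = FQDN the FTPS clients connect to
  openssl req -new -newkey "rsa:${KEY_BITS:-3072}" -nodes -sha256 \
    -keyout "$1/server.key" -out "$1/server.csr" \
    -subj "/O=Example Org/CN=$2" -addext "subjectAltName=DNS:$2" 2>/dev/null
  chmod 600 "$1/server.key"   # only the CSR is sent to the CA, never the key
}

# Stand-in for the real CA so the example runs offline. In production the CA
# returns server.crt and its chain in response to server.csr.
demo_ca_sign() {     # $1 = work dir, $2 = FQDN
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
    'prompt=no' '[dn]' 'O=Example Org' 'CN=Demo Test CA' '[v3_ca]' \
    'basicConstraints=critical,CA:TRUE' 'keyUsage=critical,keyCertSign' > "$1/ca.cnf"
  openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$2" > "$1/leaf.ext"
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -sha256 -extfile "$1/leaf.ext" \
    -out "$1/server.crt" 2>/dev/null
}

cert_matches_key() { # $1 = work dir; the cert must carry our key's public half
  [ "$(openssl x509 -in "$1/server.crt" -noout -pubkey)" = \
    "$(openssl pkey -in "$1/server.key" -pubout)" ]
}

chain_ok() {         # $1 = work dir, $2 = host name a client would dial
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" \
    "$1/server.crt" >/dev/null 2>&1
}

make_p12() {         # $1 = work dir; password is read from $P12_PASS
  openssl pkcs12 -export -inkey "$1/server.key" -in "$1/server.crt" \
    -certfile "$1/ca.crt" -name mft-ftps -passout env:P12_PASS \
    -out "$1/server.p12"
}

WORK="$(mktemp -d)"; export P12_PASS="constructed-demo-password"
make_csr "$WORK" mft.example.com
demo_ca_sign "$WORK" mft.example.com
cert_matches_key "$WORK"
chain_ok "$WORK" mft.example.com
make_p12 "$WORK"
echo "checks passed; keystore written to $WORK/server.p12"
```

The resulting PKCS#12 file is a keystore format that Java's `keytool` can read; which keystore type the FTPS port definition expects is covered in the product guides mentioned above. `ca.crt` is the file a client would need only if it does not already trust the issuing CA.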