
Secure FTP - I need help, please.


  • Secure FTP - I need help, please.

    We have an arrangement with our #1 customer where they enter their orders to us via xml, and we retrieve those orders through a CL program from their FTP server. Up until this point our connection had been a standard FTP.

    The procedure we use in a nutshell:

    1. User runs a CL which views the directory on the customer's server. The file is 'UNITED.XXX' where XXX is a batch number incremented with each order.
    2. User takes another menu option where they can select the batch number. The number is in by default, using scripts that increment the number at the time of successful transfer.

    Their Systems Engineer just notified us that they are changing over to SFTP in order to be PCI compliant. They told me that the secure connection is going to run through port 990. I've been looking at Scott Klement's guides which have helped me in the past, but it appears to me that SFTP assumes port 22. I'm not sure how to proceed.

    I realize there are probably some things I left out, so feel free to assume I know nothing. (it's not very far from the truth)
    "It's what you learn after you know it all that counts." - John Wooden

  • #2
    Re: Secure FTP - I need help, please.

    OK - so I did figure some stuff out... apparently I am using ftps, not sftp... therefore, using the following...

    Code:
                         Start TCP/IP File Transfer (STRTCPFTP)                     
                                                                                    
     Type choices, press Enter.                                                     
                                                                                    
     Remote system  . . . . . . . . . > '169.130.86.227'                            
                                                                                    
                                                                                    
                                                                                    
     Coded character set identifier     *DFT          1-65533, *DFT                 
     Port . . . . . . . . . . . . . . > 990           1-65535, *DFT, *SECURE        
     Secure connection  . . . . . . . > *IMPLICIT     *DFT, *NONE, *SSL, *IMPLICIT  
     Data protection  . . . . . . . .   *DFT          *DFT, *CLEAR, *PRIVATE        
                                                                                    
                                Additional Parameters                               
                                                                                    
     Outgoing EBCDIC/ASCII table  . .   *CCSID        Name, *CCSID, *DFT            
       Library  . . . . . . . . . . .                 Name, *LIBL, *CURLIB          
     Incoming ASCII/EBCDIC table  . .   *CCSID        Name, *CCSID, *DFT            
       Library  . . . . . . . . . . .                 Name, *LIBL, *CURLIB
    I get the following:
    Code:
    Connecting to remote host 169.130.86.227 using port 990
    Secure connection error, return code -23.
    
     -23   Certificate is not signed by a trusted certificate authority.
    I'm assuming I need to load a Certificate of Authority, which I did receive from the customer. I learned how to get to DCM, but I don't know what to do from here.
    "It's what you learn after you know it all that counts." - John Wooden



    • #3
      Re: Secure FTP - I need help, please.

      I just did all that stuff Larry ... PM me your email and I will try to dig up an IBM document we used on it, feel free to hassle me until I send it ...

      < e d i t >

      Flag that ... we followed this guide from IBM http://www-912.ibm.com/s_dir/slkbase...umber/28604514

      The guide is for securing telnet, but I am sure a similar process can be done for FTP. Once the certificate is created you have to assign it to an application (FTP)

      < / e d i t >
      Last edited by gcraill; January 7, 2013, 11:28 PM.
      Greg Craill: "Life's hard - Get a helmet !!"



      • #4
        Re: Secure FTP - I need help, please.

        If you go to this page and search on "Digital Certificate Manager" it shows links to a lot of documents.



        This one seems to aim specifically at FTP .... might be useful also.

        Greg Craill: "Life's hard - Get a helmet !!"



        • #5
          Re: Secure FTP - I need help, please.

          Thanks, Greg, that was a big help.
          I tried all that, and now I'm getting an asn.1 encoding/decoding error. The certificate sent to me was a .rar file.
          Also, when they ask for the encryption password for the certificate, is that the password I would use to get to the customer's server? or an arbitrary one for my purposes?
          "It's what you learn after you know it all that counts." - John Wooden

          Comment
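
Added example (not part of any post in this thread): an X.509 certificate is ASN.1 DER, optionally PEM-armoured, whereas a .rar file is an archive container, so it is worth checking what a file handed over as "the certificate" actually contains before importing it. This Python sketch classifies a file by its leading bytes and outer DER length; the function names and sample buffers are constructed for illustration and are not real certificates.

```python
import base64
import re

RAR_MAGIC = b"Rar!\x1a\x07"  # prefix shared by RAR 4.x and 5.x signatures
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def der_sequence_ok(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE whose length fills the buffer."""
    if len(data) < 2 or data[0] != 0x30:   # 0x30 = SEQUENCE tag
        return False
    first = data[1]
    if first < 0x80:                       # short form: length is this byte
        header, length = 2, first
    else:                                  # long form: next n bytes hold it
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + length == len(data)


def classify(data: bytes) -> str:
    """Classify a file by content, ignoring its name and extension."""
    if data.startswith(RAR_MAGIC):
        return "rar-archive"               # extract it first; not a certificate
    m = PEM_RE.search(data)
    if m:
        try:
            body = base64.b64decode(b"".join(m.group(1).split()), validate=True)
        except ValueError:                 # bad base64 inside the PEM armour
            return "pem-corrupt"
        return "pem-certificate" if der_sequence_ok(body) else "pem-corrupt"
    if der_sequence_ok(data):
        return "der-asn1"                  # outer structure only, not validated
    return "unknown"                       # e.g. truncated or altered in transit


# Constructed samples (placeholders, not real certificates).
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")
SAMPLE_RAR = RAR_MAGIC + b"\x01\x00constructed archive body"

if __name__ == "__main__":
    for name, blob in [("der", SAMPLE_DER), ("pem", SAMPLE_PEM), ("rar", SAMPLE_RAR)]:
        print(name, "->", classify(blob))
```

A result of `rar-archive` means the certificate has to be extracted from the archive before any import; `unknown` on a file that should be DER often points to truncation or a text-mode transfer.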


          • #6
            Re: Secure FTP - I need help, please.

            Larry ...

            If you wanna get away from all that DC stuff and use something that will make your life easier... you ought to check out our product, GoAnywhereMFT. It's a Managed File Transfer for ANY operating system, including iSeries. AND, you can use sFTPs, Database Access, execute iSeries Programs/Commands, etc...

            And, it's very REASONABLE on cost for a Company. Here's the kicker. You can install it (full blown version) and get it working on your system for Proof of Concept.

            Give me a call ... 800-949-4696 x754

