

FTP Server Authentication-Mainframe to PC

Use CA Top Secret Digital Certificates as a secure way to identify users when using OE/FTP services.

To authenticate a mainframe FTP server from an FTP client on the PC:

  1. Enter the command:
    TSS GENCERT(FTPS) DIGICERT(FTPSCERT)
    

    The FTP server's certificate is generated and added to the FTP region ACID FTPS.

  2. Enter the command:
    TSS ADD(FTPS) KEYRING(FTPSRING)
                  LABLRING(FTPSRING)
    

    The FTP server's KEYRING is created.

    Note: There are no blank spaces in the LABLRING.

  3. Enter the command:
    TSS ADD(FTPS) KEYRING(FTPSRING)
                  RINGDATA(FTPS,FTPSCERT)
                  DEFAULT
                  USAGE(PERSONAL)
    

    The FTP server's certificate is added to the FTP server's KEYRING.

  4. Enter the command:
    TSS EXPORT(FTPS) DIGICERT(FTPSCERT)
        DCDSN('FTPS.SERVER.CERT')
    

    The FTP server's certificate is copied to a dataset. The dataset is automatically created and cataloged.

  5. Use your FTP product to copy the FTP server's certificate FTPS.SERVER.CERT to the FTP client's Trusted Authorities database.
  6. Enter the commands:
    TSS PER(FTPS) IBMFAC(IRR.DIGTCERT.GENCERT) ACC(UPDATE|CONTROL)
    TSS PER(FTPS) IBMFAC(IRR.DIGTCERT.LISTRING) ACC(UPDATE|CONTROL)
    TSS PER(FTPS) IBMFAC(IRR.DIGTCERT.LIST) ACC(UPDATE|CONTROL) 
    TSS PER(USRA) IBMFAC(IRR.DIGTCERT.GENCERT) ACC(UPDATE|CONTROL)
    TSS PER(USRA) IBMFAC(IRR.DIGTCERT.LISTRING) ACC(UPDATE|CONTROL)
    TSS PER(USRA) IBMFAC(IRR.DIGTCERT.LIST) ACC(UPDATE|CONTROL)
    

    In ACC(UPDATE|CONTROL), specify one of the two values. Use ACC(CONTROL) only if CERTSITE is the owner of the certificate.

    The FTP ACID is permitted to the SSL KEYRING, certificates, and mappings.

  7. Open IBM's FTPS.DATA member for editing and add the following IBM FTP parameters:

    The keyring name is established with FTP, client authentication is disabled, and FTP server authentication is activated.

For more information on activating digital certificates with FTP, see the IBM documentation.
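
Step 5 moves the exported certificate from an EBCDIC dataset to the PC, where a wrong transfer mode or a substituted file would put the wrong bytes into the client's Trusted Authorities database. The following Python example is added here and is not part of the CA or IBM documentation: it normalizes the copied file to DER and compares its SHA-256 fingerprint with a value obtained from the mainframe side through a separate channel. The export format (binary DER or Base64 text), the function names, and the sample bytes are assumptions.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def to_der(data):
    """Return (detected_format, der_bytes) for a certificate file copied to the PC."""
    # Base64 text arrives as ASCII after a text-mode transfer, or as raw
    # EBCDIC after a binary-mode one. cp037 agrees with z/OS EBCDIC for
    # every character used in the PEM armour and in Base64.
    for label, codec in (("pem", "ascii"), ("pem-ebcdic", "cp037")):
        try:
            text = data.decode(codec)
        except UnicodeDecodeError:
            continue
        match = PEM_RE.search(text)
        if match:
            body = "".join(match.group(1).split())
            return label, base64.b64decode(body, validate=True)
    # Binary DER: an X.509 certificate is an ASN.1 SEQUENCE (tag 0x30).
    if data[:1] == b"\x30":
        return "der", data
    raise ValueError("unrecognised certificate file; check the transfer mode")

def fingerprint(data):
    """SHA-256 over the DER encoding, as lowercase hex."""
    return hashlib.sha256(to_der(data)[1]).hexdigest()

def matches_expected(data, expected):
    """Compare with a fingerprint supplied out of band (colons/spaces ignored)."""
    return fingerprint(data) == re.sub(r"[^0-9a-f]", "", expected.lower())

# Constructed placeholder shaped like DER (SEQUENCE tag, 2-byte length);
# it is not a real certificate and only exercises the format handling.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")
SAMPLE_PEM_EBCDIC = SAMPLE_PEM.decode("ascii").encode("cp037")
# Simulated damage: binary DER pushed through an EBCDIC-to-ASCII translation.
SAMPLE_DER_MANGLED = SAMPLE_DER.decode("cp037").encode("latin-1")

if __name__ == "__main__":
    for name in ("SAMPLE_DER", "SAMPLE_PEM", "SAMPLE_PEM_EBCDIC"):
        print(name, to_der(globals()[name])[0], fingerprint(globals()[name]))
```

A file reported as `pem-ebcdic` was transferred without translation and must be converted before import; a `ValueError` means the file should be fetched again rather than added to the trust store.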