FTP Client Authentication-Mainframe to PC (Optional)

Digital Certificates › FTP Server and Client Authentication › FTP Client Authentication-Mainframe to PC (Optional)

FTP Client Authentication-Mainframe to PC (Optional)

FTP client authentication is not required for FTP server authentication. If you choose to use FTP client authentication, FTP server authentication must be working.

To authenticate a PC FTP client from the mainframe FTP Server

Export the FTP server's certificate FTPS.SERVER.CERT to the PC and bring it into the FTP client's Trusted Authorities database.

Enter the command:

TSS GENCERT(USERA) DIGICERT(USRACERT)
                   SUBJECTN('o=”COMPANYA” CN=”USERA selfsigned ftp cert” -
                             OU=”SYSTEMSDEPT” C=”US”')
                   LABELCERT('USERA CERT')

The FTP client certificate is generated.

Enter the command:

TSS ADD(USERA) KEYRING(USRARING)
               LABLRING(USRARING)

The KEYRING for the FTP client ACID is created.

Enter the command:

TSS ADD(USERA) KEYRING(USRARING)
               RINGDATA(USERA,USRACERT)
               DEFAULT USAGE(PERSONAL)

The FTP client's certificate is added to the FTP client's KEYRING.

Enter the command:

TSS ADD(FTPS) KEYRING(FTPSRING)
              RINGDATA(USERA,USRACERT)
              USAGE(PERSONAL)

The FTP client's certificate is added to the FTP server's KEYRING.

Enter the command:
```
TSS EXPORT(USERA) DIGICERT(USRACERT)
                  DCDSN(USERA.CERT)
```
The FTP client's certificate is export to the USERA.CERT dataset. This is automatically created and cataloged by CA Top Secret.
Use your FTP product to export the USERA.CERT client certificate to the PC and bring it into the FTP client's Trusted Authorities database.
Open IBM's FTPS.DATA member and add the following FTP parameter:
```
SECURE_LOGIN VERIFY_USER
```
FTP client authentication is activated.