FTP Client Authentication-Mainframe to Mainframe (Optional)

Digital Certificates › FTP Server and Client Authentication › FTP Client Authentication-Mainframe to Mainframe (Optional)

FTP Client Authentication-Mainframe to Mainframe (Optional)

FTP client authentication is not required for FTP server authentication. If you choose to use FTP client authentication, FTP server authentication must be working.

To authenticate a mainframe FTP client from a mainframe FTP Server

Verify that FTP server authentication is working.

Enter the command:

TSS GENCERT(USERA) DIGICERT(USRACERT)
                   SUBJECTN('o=”COMPANYA” CN=”USERA 
                            selfsigned ftp cert” OU=”SYSTEMSDEPT” C=”US”') 
                   LABELCERT('USERA CERT')

The FTP client certificate is generated.

Enter the command:

TSS ADD(USERA) KEYRING(USRARING)
               LABLRING(USRARING)

The KEYRING for the FTP client ACID is created.

Enter the command:

TSS ADD(USERA) KEYRING(USRARING)
               RINGDATA(USERA,USRACERT)
               DEFAULT 
               USAGE(PERSONAL)

The FTP client's certificate is added to the FTP client's KEYRING.

Enter the command:

TSS ADD(FTPS) KEYRING(FTPSRING)
              RINGDATA(USERA,USRACERT)
              DEFAULT 
              USAGE(PERSONAL)

The FTP client's certificate is added to FTP the server's KEYRING with CERTAUTH authority.

Enter the command:

TSS ADD(USERA) KEYRING(USRARING)
               RINGDATA(FTPS,FTPSCERT)
               USAGE(PERSONAL)

The FTP server's certificate is copied to the FTP client's KEYRING.

Open IBM's FTPS.DATA member and add the following parameter:
```
FTP SECURE_LOGIN VERIFY_USER
```
FTP client authentication is activated.