Configure an SSL-enabled FTP Server on the Agent

You use the generated server keystore and its encrypted password to configure an SSL-enabled FTP server on the agent.

To configure an SSL-enabled FTP Server on the agent

Ensure that the following parameter is defined in the QIBM/ProdData/Java400/jdk14/lib/security/java.security file on your i5/OS operating system:
```
security.overridePropertiesFile=true
```
The JVM uses the customized java.security file that is installed with the agent. This value allows the JVM to use the java.security provided with the agent for its own communications but does not affect other instances of the JVM for other applications on the i5/OS system. Without defining this property the i5/OS agent will not be able to use SSL.
Open a PASE terminal session.
Change to the agent installation directory.
Enter the following command:
```
./cybAgent -s
```
The agent stops running.
Open the agentparm.txt file.

Set the following parameters:

security.level=on

ftp.noserver=false

ftp.server.ssl=true

Specify the following parameters:

ftp.server.ssl.keystore

Specifies the full path of the keystore file. The default file name is serverkeystore. You can use keytool, provided with the JRE, to create your own keystore.

Example: ftp.server.ssl.keystore=/R7/serverkeystore

ftp.server.ssl.keystore.password

Specifies the encrypted password for the server keystore that contains an X509 certificate. This password is sent to the client during the handshake process. The default password is cyberuser (encrypted).

Note: You can use the agent password utility to encrypt your password before using it in the agentparm.txt file.
Save and close the agentparm.txt file.
Start the subsystem that runs the agent if it has stopped.
Enter the following command:
```
./cybAgent
```
The agent starts running and the FTP server on the agent is SSL-enabled.