cancel
Showing results for 
Search instead for 
Did you mean: 

How to configure certificates for FTPS

Former Member
0 Kudos
726

Hi, ALL,

I have to send FTP files to and from outside server using like (SAP XI proxy>FTP, FTP>SAP Xi proxy). I would like to use secure FTP (FTPS). How I can configure it in both sender and receiver FTP adapter? Does the certificate at XI has to be signed by Trusted authority or I can do self signed? Does the outside server need to get the FTP certificate also? Can anybody provide step by step solution?

<promising_points_removed_by_moderator>

Thanks a lot!

Meiying

Accepted Solutions (1)

Accepted Solutions (1)

iprieto
Contributor
0 Kudos

Hi,

It depends if the FTP server certificates are signed for a CA installed in TrustedCA view. The TrustedCA view is a netweaver administration option included in Keystore application.

For example, if the FTP server certificate is signed by verising, SAP contains the certificate of verising installed in TrustedCA, therefore you not have to do anything, but if the server certificate is a certificate created for you, you will have to install the CA wich you signed the certificate.

In my case, I put files into a FTPs server that have a certificate signed by verisign and I haven't to do anything in TrustedCA view because the CA was installed.

In FTP adapter you must to select the FTPS option to communicate to FTP server through SSL.

Best regards

Iván

Edited by: Carlos Ivan Prieto Rubio on Mar 25, 2009 8:10 PM

Former Member
0 Kudos

Hi, Carlos,

Thanks for the quick response. Sorry, I am a little bit confused. I am totally new on it. Let me clarify some of your answers.

1. In your response, the FTP server is the outside FTP server which I will get and put files?

2. "if the FTP server certificate is signed by verising, SAP contains the certificate of verising installed in TrustedCA," Does this FTP server certificate is installed in FTP server or in XI server?

3. what value do you put in the fields "Connection Security" and "Command Order" in communication channel configuration which use FTP adapter?

4. Did you check "Use X509 certificate for Client Authentication" and put the values in the fields " Keystore and X509 Certificate and Private Key?

5. Do I have to do certificate on both side (the FTP server and XI)?

Thank you very much!

Meiying

iprieto
Contributor
0 Kudos

Hi,

1.- Yes.

2.- The FTP is a standalone server and the certificate must to be installed in FTP server.

3.- Tomorrow I will respose you this question because I´m not in my job now and I can´t open the Integration Directory.

4.- If the FTP server requires x509 certificate for login you must to add the certificate in Keystore, in my case I use basic login for that.

5.- Only in FTP side.

You're welcome

Best regards

Ivá

Former Member
0 Kudos

Hi, Ivan,

Then do I need to do anything in XI server side? For test purpose, can I create a self certificate in FTP server, then load the cert to XI keystore? Please provide the answer for question 3 tomorrow. Thank you for the answer.

Meiying

iprieto
Contributor
0 Kudos

Hi Meiying,

Yes ,you can create a self certificate but in this case you must to install in TrustedCA the root Certificate which you sign your certificate.

For example:

1.- Create one CA- MyCompanyCA

2.- Create self certificate (MeiyingCert) signed by MyCompanyCA.

3.- Install the certificate MeyingCert in FTP server.

4.- Install in trustedCA (PI) MyCompanyCA certificate.

For do it you can to use OpenSSL or use SAP PI keystore for creating certificates and CAs.

That's all

Best Regards

Ivá

iprieto
Contributor
0 Kudos

Hi,

The value for Connection Security is FTPS (FTP using SSL/TSL) for control and data connection and Command order is USER,AUTH TLS, PASS, PBSZ, PROT.

Those parameters depends of FTP server in use.

Best regards

Ivá

Former Member
0 Kudos

Hi, Ivan

I just got your email while I was writing to ask you the answer for the question3.

I will try it and let you know. Thank you very much.

Former Member
0 Kudos

Hi, Ivan,

One more question. Where do we put the certificate MeyingCert in FTP server? In FTP root directory, or the directory I get and put files there? Are the certificate MeyingCert installed in FTP server (step3) and MyCompanyCA certificate (step 4) the same? Thanks.

Meiying

iprieto
Contributor
0 Kudos

Hello,

1.-It's depend of FTP server that you are using. See the help reference of FTP server.

2.-No, These are not the same.

Best regards

Ivá

Former Member
0 Kudos

Hi, Ivan,

Sorry, I have one more question. How do I know which command order I need to use? That is where I can get the information for that?

Thank you so much for all your answers.

Meiying

iprieto
Contributor
0 Kudos

Hi Meiying,

In my case was test and error because I don't have access to FTP server config application, but the FTP servers usually have this configuration in the config application of this server. Test with Filezilla FTP Server (http://filezilla-project.org/), I remenber that this application have an option to configure this issue.

Best regards

Ivá

Former Member
0 Kudos

Thanks Ivan and Liang, I am able to get it work now.

Points awarded.

Meiying

Answers (1)

Answers (1)

Former Member
0 Kudos
Former Member
0 Kudos

Thanks, Liang for the information. I will read them carefully.

Meiying