cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to configure certificates for FTPS?

Former Member

on ‎01-29-2009 11:33 AM

0 Kudos

Hi All,

when i have a FTPS->XI->IDOC scenario should i generate a certificate for the XI server and give it to the sender or should i import the certificate given by the sender?

Edited by: sivasakthi danasekaran on Jan 29, 2009 12:33 PM

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎02-05-2009 6:55 PM
0 Kudos

yes

Show replies
Show replies
prateek
Active Contributor
‎01-29-2009 12:06 PM
0 Kudos

You need to generate the certificate at XI, get it signed by a Trusted authority and pass the root certificate to the sender.

Nidhi, the blog you provided was for SFTP and not FTPS. There is a difference

Regards,

Prateek

Show replies
Show replies
Shabarish_Nair
Active Contributor
‎01-29-2009 12:07 PM
0 Kudos

even for FTPS the loading of certificate remains the same.

Load the certificate in the trusted CAs keystore. Note that this is mandatory for FTPS scenarios since the

certificate check is done in the trusted CAs location.

Former Member
‎01-29-2009 2:42 PM
0 Kudos

Thanks a lot to all of you.

Ok so i have to generate the certificate , get it trusted by a CA and load it into the Trusted CA's list in Visial admin.

i can see an option Use X.509 Certificate for client Authentication thats optional in the sender File/FTP adapter , should i check that? what exactly is it useful for?

Edited by: sivasakthi danasekaran on Jan 29, 2009 3:42 PM

prateek
Active Contributor
‎01-29-2009 2:56 PM
0 Kudos

This should be optional. It is used if you want to use client certificate for user authentication.

Regards,

Prateek

Former Member
‎01-29-2009 3:01 PM
0 Kudos

what i dont understand is the term "client certificate for user authentication." what does that mean?

prateek
Active Contributor
‎01-29-2009 3:21 PM
0 Kudos

You may see this at file sender settings. Check "Connection Setting" details.

http://help.sap.com/saphelp_nw04/helpdata/en/e3/94007075cae04f930cc4c034e411e1/frameset.htm

Regards,

Prateek

Former Member
‎01-29-2009 3:35 PM
0 Kudos

Thanks Prateek,

I guess its the certificate gievn by the client , that has to be imported into the XI server, for the Server to authenticate itself to the FTP server . Isnt it?

I have one more question i have to hand over the certificate that i generate to the sender so that he can use it for encrypting his file right?

markangelo_dihiansan
Active Contributor
‎01-30-2009 12:45 PM
0 Kudos

Hi,

I think you still have to consult with the client if he/she accepts self-signed certificates. Otherwise, you would have to have it signed by a CA before actually distributing it with the client.

Hope this helps,

Regards,

Former Member
‎01-29-2009 11:38 AM
0 Kudos

U can import certificate to TrustedCAs keystore service in visual admin

Have alook on this blog

/people/daniel.graversen/blog/2008/12/11/sftp-with-pi-the-openssh-way

Edited by: Nidhi Bansal on Jan 29, 2009 12:38 PM

Show replies
Show replies
Ask a Question