
Message Level Security in FTPS

Former Member
0 Kudos

Hi ,

Does the File Adapter with FTPS provide message level security?

And what is the exact difference between FTPS for Control Connection and FTPS for Control and Data Connection?

What is the significance of the Use X.509 Certificate for Client Authentication check box? If we check it, what will happen, or if we don't, what will happen?

Thanks.

Anitha.

Accepted Solutions (1)


Former Member
0 Kudos

Hi Anitha,

If you are looking for message level security in FTP, then use SSH, i.e. SFTP, instead of FTPS.

FTP is over SSL, i.e. Secure Socket Layer, which will create the secure layer and transfer the data using the same.

X.509 is used for client authentication, if you want to transfer the data using a particular user, for which the authentication will happen using the X.509 certificate.

HTH

Rajesh

Former Member
0 Kudos

Hi Rajesh,

I have to use only FTPS, because my client is suggesting only that. Isn't it possible using FTPS?

And tell me the difference between FTPS for Control Connection and FTPS for Control and Data Connection.

Necessity of a public key certificate from the FTP server?

Thanks.

Anitha.

Shabarish_Nair
Active Contributor
0 Kudos

> Hi Rajesh,
>
> I have to use only FTPS, because my client is suggesting only that. Isn't it possible using FTPS?
>
> And tell me the difference between FTPS for Control Connection and FTPS for Control and Data Connection.
>
> Necessity of a public key certificate from the FTP server?
>
> Thanks.
>
> Anitha.

PI supports FTPS. You can use the File adapter for the same.

The basic difference when we talk about FTPS for Control Connection and FTPS for Control and Data Connection is that in the case of FTPS for Control and Data Connection, your data is also encrypted. Otherwise the connection is secure but the data level encryption will not be active.

FTPS works with certificates, and hence the need for the same.

iprieto
Contributor
0 Kudos

No, you only need to have the CA used by the FTP server installed in the trusted keystore. The server's public certificate is sent by the FTP server when both servers negotiate the SSL handshake.

Best regards

Ivá

Former Member
0 Kudos

Thanks Shabarish,

I got the difference now. Could you provide any document or blog supporting your statement, so that I can understand clearly?

In that case, what is message level security, as the File Adapter will not support it?

Thanks.

Anitha.

Shabarish_Nair
Active Contributor
0 Kudos

/people/krishna.moorthyp/blog/2007/07/31/sftp-vs-ftps-in-sap-pi

refer that

Former Member
0 Kudos

Hi,

What is the significance of the Use X.509 Certificate for Client Authentication check box?

When do I have to check this check box, and when should I not check it?

Thanks.

Anitha.

Former Member
0 Kudos

Thanks Shabarish,

I read that blog already.

In this blog, could you please explain:

* Implicit FTPS 990 (Control) and 989 (Data)
* Explicit FTPS 21 (Control) and 20 (Data)

What is implicit mode and explicit mode?

And could you please tell me:

What is message level security?

Why will the File Adapter not support that?

Thanks.

Anitha.

Former Member
0 Kudos

check this

http://help.sap.com/saphelp_nw70/helpdata/en/43/0e16bfd7b021aee10000000a1553f6/content.htm

Also, I think data might not be encrypted using FTPS control and data connection, but only the communication.

Former Member
0 Kudos

Any Help Please..

Thanks.

iprieto
Contributor
0 Kudos

Hi Anitha,

Check this site: http://help.globalscape.com/help/secureserver2/Explicit_versus_implicit_SS.htm

Message level security is based on the WS-Security, XML Encryption and XML Signature standards. PI 7.1 implements this, but the ERP must implement this mechanism too. It is a new standard for server communication, and the industry is at this moment implementing this standard in its products.

Regards

Ivá

Former Member
0 Kudos

Thank you Ivan,

A few more doubts, could you please clarify these also?

In FTPS Control and Data Connection, will data encryption be there or not?

What is the significance of the Use X.509 Certificate for Client Authentication check box?

When do I have to check this check box, and when should I not check it?

Thanks.

Anitha.

iprieto
Contributor
0 Kudos

Hi Anitha,

If you choose FTPS Control and Data Connection, the control dialog messages and the data communication will be encrypted.

If you choose Use X.509 Certificate, you will send your credentials to the FTP server through the certificate, and the FTP server checks whether this certificate is valid or not.

You should use these options if the FTP server admin team tells you that the use of this connection method is mandatory. In my job I only use FTPS control connection (intranet), but if you use an internet connection, the best choice is to use FTPS Control and Data Connection. This method is more secure than FTPS Control because data are encrypted.

Best regards

Ivá

Former Member
0 Kudos

Thank You Ivan,

One More doubt,

How will FTPS configurations in PI work on the sender side and on the receiver side?

If it is an FTPS --> XI --> FTPS scenario,

how will the process flow be? Could you please explain step by step?

Thanks.

iprieto
Contributor
0 Kudos

Hi,

The two methods work in the same way.

1.- Handshake negotiation.

2.- PI logs in to the FTP server (Basic Login or X.509 Certificate login).

3.- On the sender side, SAP PI sends a "get" command to the FTP server to retrieve the file. On the receiver side, PI sends a "put" command to the FTP server to put the file on the FTP server.

The most important thing is that the CA certificates are installed on the SAP server in the TrustedCAs keystore, so that the SAP server trusts the public certificate that the FTP server sends.

I wrote an article that may help you to understand the handshake negotiation. Check it: http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/60ff2883-70c5-2c10-f090-a744def2ba66

Best regards

Ivá
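The three steps above (handshake, login, "get") as an added example using Python's `ftplib`; this is not code from the thread or from SAP PI. It assumes that the two PI modes discussed here correspond to the FTPS `PROT C` and `PROT P` settings, and the `ca_file`, `client_cert` and `client_key` paths and the `client_cls` hook are hypothetical names introduced for the illustration.

```python
import ssl
from ftplib import FTP_TLS
from io import BytesIO


def build_tls_context(ca_file=None, client_cert=None, client_key=None):
    """Trust store for the server certificate, plus an optional client cert."""
    # ca_file plays the role of the TrustedCAs keystore: the CA that signed
    # the FTP server's certificate. None falls back to the system CA bundle.
    ctx = ssl.create_default_context(cafile=ca_file)
    if client_cert:
        # Rough analogue (assumption) of "Use X.509 Certificate for Client
        # Authentication": the client presents its own certificate.
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def fetch_file(host, user, password, remote_name, ctx,
               protect_data=True, client_cls=FTP_TLS):
    """Explicit FTPS download: handshake, login, then RETR ("get")."""
    ftps = client_cls(context=ctx, timeout=30)
    try:
        ftps.connect(host, 21)       # explicit mode starts in clear on port 21
        ftps.auth()                  # AUTH TLS: handshake, server cert verified
        ftps.login(user, password)   # credentials now travel inside TLS
        if protect_data:
            ftps.prot_p()            # PBSZ 0 + PROT P: data channel encrypted
        else:
            ftps.prot_c()            # PROT C: file contents sent in clear
        buf = BytesIO()
        ftps.retrbinary(f"RETR {remote_name}", buf.write)
        ftps.quit()
        return buf.getvalue()
    finally:
        ftps.close()
```

`ftplib` implements explicit mode only, so the implicit ports 990/989 mentioned earlier in the thread are not covered here.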

Answers (1)


iprieto
Contributor
0 Kudos

Hi,

1.- FTPS for control connection only encrypts the control messages when the servers open the connections with the remote server.

FTPS for control and data connection encrypts data and control messages using one algorithm previously negotiated by both servers.

2.- To log in to the FTP server you can use Basic Login (for instance, when you use the anonymous user on some FTP servers) or certificate login. To do that, you must have a certificate stored in the keystore on the Java server.

Best regards

Ivá