
Certificate for FTPS

itabhishek9
Participant
0 Kudos

Hi SDNites,

I have to upload a certificate to establish FTPS connectivity (which I have obtained from FTPS server). Please let me know while uploading the certificate which option should I select,

1. X.509 Certificate

2. PKCS#12 Key pair

3. PKCS#8 Key Pair.

Also, once I upload the same, how can I make sure that the certificate is used while establishing connection, as in SAP PI adapter we have only one checkbox which says X.509 certificate for client authentication.

Any help on the above is really appreciated.

Regards,

Abhishek

Accepted Solutions (0)

Answers (5)

former_member186851
Active Contributor

Hello Abhishek,

You need to convert the private Key to .x509 certificate and upload in NWA->Keystore.

itabhishek9
Participant
0 Kudos

Hi Raghu,

Thanks for the response.

Sorry I have less understanding on the certificates/ keys concepts. If you can please elaborate on the suggestion provided above.

Regards,

Abhi


former_member186851
Active Contributor
0 Kudos

Hello Abhishek,

You have private key received from client?

itabhishek9
Participant
0 Kudos


Hi Raghu,

I have to configure FTPS on the receiver communication channel.

I have received a security certificate from FTPS server which when opened I can see

-----BEGIN RSA PRIVATE KEY-----

<Details of key present here>

-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----

<Details of certificate present here>

-----END CERTIFICATE-----

Regards,

Abhishek
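Added example, not part of the original thread or any SAP code: a small parser that splits a PEM bundle laid out like the one quoted above into its blocks and reports what each holds, so a block carrying secret key material is recognised before the file is uploaded or forwarded. The sample input is constructed from placeholder bytes, and the function names are hypothetical.

```python
import base64
import re

# PEM label -> contents (RFC 7468 labels plus OpenSSL's legacy RSA label).
KINDS = {
    "CERTIFICATE": "X.509 certificate (public)",
    "PRIVATE KEY": "PKCS#8 private key (secret)",
    "ENCRYPTED PRIVATE KEY": "PKCS#8 encrypted private key (secret)",
    "RSA PRIVATE KEY": "PKCS#1 RSA private key (secret, not PKCS#8)",
}
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)

# Constructed placeholder DER (SEQUENCE { INTEGER 0 }), not real key material.
_DER = base64.b64encode(b"\x30\x03\x02\x01\x00").decode()
SAMPLE = (
    f"-----BEGIN RSA PRIVATE KEY-----\n\n{_DER}\n\n-----END RSA PRIVATE KEY-----\n\n"
    f"-----BEGIN CERTIFICATE-----\n\n{_DER}\n\n-----END CERTIFICATE-----\n"
)


def classify_pem(text):
    """Return one dict per PEM block: label, kind, DER length, sanity flag."""
    blocks = []
    for label, body in PEM_RE.findall(text):
        # Skip legacy header lines such as "Proc-Type:" and "DEK-Info:".
        lines = [l.strip() for l in body.splitlines() if l.strip() and ":" not in l]
        try:
            der = base64.b64decode("".join(lines), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            der = b""
        blocks.append({
            "label": label,
            "kind": KINDS.get(label, "unrecognised"),
            "der_len": len(der),
            "starts_with_sequence": der[:1] == b"\x30",
        })
    return blocks


def contains_private_key(text):
    """True if any block in the bundle carries private key material."""
    return any(b["label"].endswith("PRIVATE KEY") for b in classify_pem(text))


if __name__ == "__main__":
    for block in classify_pem(SAMPLE):
        print(block)
    print("private key present:", contains_private_key(SAMPLE))
```

PKCS#12 files are binary containers rather than PEM text, so they yield no blocks here.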

former_member186851
Active Contributor
itabhishek9
Participant
0 Kudos

Hi Raghu,

The above attached link describes how to create SSH key pairs, which as per my understanding needs to be done at the server level.

In my scenario I have to send data over TLS (also, when PI is sending data it will be acting as a client). Also, do I need to perform some action on the certificate I have obtained from FTPS server?

Regards,

Abhi

former_member186851
Active Contributor
0 Kudos

No Abhishek,

You can do it at your system and upload in the NWA.

Try it; if it is not working, let me know.

itabhishek9
Participant
0 Kudos

Thanks Raghu.

I am not able to create a relationship,

when PI imports multiple certificates in NWA and sends information, where in configuration it is specified that refer to specific public key and certificate for the encryption.

Note : We are not using X.509 client authentication.

Regards,

Abhi

itabhishek9
Participant
0 Kudos

Thanks for above explanation.

For point 2 - Yes for FTPS connectivity, we have to select either Control connection or Control and Data connection based on level of encryption we require. But here it is still not specified which public key and certificate to use.

To make it a little more complex, if we have multiple 3rd party systems which use FTPS, how do I configure the channel so that encryption is done accordingly? (My understanding here is we have to have multiple different certificates from multiple parties and get them installed into the keystore. Please confirm.)

Regards,

Abhi

former_member186851
Active Contributor
0 Kudos


Hello Abhishek,

If you have multiple FTPS, import each FTPS certificate in NWA Keystore and configure the same in each receiver FTPS channel.

Former Member
0 Kudos

Keystore is a place(path) where we use to deploy the certificate.

In X.509 Certificate and private key field is used to specify the name of the certificate which we have deployed.

certificate name is unique we cannot deploy the certificate with the same name which we have already.

Suppose I'm having the partners A & B

A(Partner) is using XXX certificate

B(Partner) is using YYY certificate

Both the partners have the certificates which we have already deployed in the NWA.

I want to send the message to the partner A. Then I will configure the receiver comm channel for the partner A. In the keystore field I will give the path where I have deployed the certificate.

And in certificate field I will specify the name of the certificate.

While sending the message to the partner A, receiver comm channel will use the certificate XXX to encrypt the message.

itabhishek9
Participant
0 Kudos

Hi,

When trying to upload the certificate, I am getting the below error,

ERROR:  -> iaik.asn1.CodingException: ASN.1 creation error: iaik.asn1.CodingException: Length: Too large ASN.1 object: 40

Can you please let me know what could be the cause?

Also from the above response, I can select only Private Key from Keystore when carrying out FTPS configuration. Does that mean that I have to get Private Key from 3rd party?

Regards,

Abhi

itabhishek9
Participant
0 Kudos

Thanks Prasad for your inputs.

Please correct me if I am wrong.

1. Use X.509 certificate for client authentication - This flag will be used when client wants to authenticate itself and is not mandatory. So we can configure channel without this flag checked.

2. FTPS server has provided the certificate to us which comprises of their public key and certificate. So my understanding is when we send the information over the TLS PI will encrypt the same and when it reaches to FTPS server, using Private Key it will be decrypted. But when I am configuring the channel I cannot see any place where I can use server's certificate and Public key which enforces encryption.

Regards,

Abhi

Former Member
0 Kudos

Hi Abhishek,

1. Use X.509 certificate for client authentication - This flag will be used when client wants to authenticate itself and is not mandatory. So we can configure channel without this flag checked.


Yes, X.509 certificate is used for the client authentication; for some clients this is not mandatory. Certificates are used if the message should be processed securely between the systems.

We can configure the channel without this flag checked; that all depends on the target system. If they are using the certificate then we should check this flag in comm channel.

2. FTPS server has provided the certificate to us which comprises of their public key and certificate. So my understanding is when we send the information over the TLS PI will encrypt the same and when it reaches to FTPS server, using Private Key it will be decrypted. But when I am configuring the channel I cannot see any place where I can use server's certificate and Public key which enforces encryption.


The above process which you have mentioned for the message encryption and decryption is correct.


If we want to configure the keys in FTP receiver comm channel.

Transport protocol should be "FTP"

under FTP connection parameters there is an option "connection security"

default connection security will be "None". we need to change it.




itabhishek9
Participant
0 Kudos

Hi Raghu,

What I understand from the above is that you are pointing toward uploading of X.509 certificate for client authentication. But based on my understanding it is not mandatory.

I have received self signed certificate from 3rd party FTPS server and am waiting to get that uploaded in the Keystore. Please let me know,

1. While uploading the certificate which option needs to be selected,

     a. X.509 Certificate

     b. PKCS#12 Key pair

     c. PKCS#8 Key Pair.

2. How will this certificate be used when trying to establish connection with FTPS server.

Regards,

Abhi


Former Member
0 Kudos

Hi Abhishek,

1. While uploading the certificate which option needs to be selected,

     a. X.509 Certificate

     b. PKCS#12 Key pair

     c. PKCS#8 Key Pair.

While uploading the certificate we need to select the option a, i.e. (X.509 Certificate).

2. How will this certificate be used when trying to establish connection with FTPS server.

This certificate needs to be configured in receiver file communication channel.

Once you have deployed the certificate in keystore, we need to give the keystore path in the comm channel.

By using this certificate we will encrypt the data and we will send it to the file server.

Once they received it they will decrypt the data by using the public key.