on 01-14-2016 8:51 PM
Hi All, I have a problem understanding how the FTPS protocol works in SAP PI 7.11.
I need to send an encrypted file to an external party using the FTPS protocol. Additionally, the external party requires SSL as transport security and PGP or X.509 as payload security. They are also requesting that I send my public SSL certificate and PGP or X.509 key for payload encryption.
Do I need to do something else besides selecting "FTPS for control and data connection" to establish SSL transport security? How do I export the public SSL certificate in order to send it to my external party?
If I want to encrypt a file, is it enough to select "Use X.509 Certificate for Client Authentication", or is this option not for encrypting files?
If the answer to the previous question is no, what do I have to do to encrypt my file using X.509 or PGP?
Thanks in advance for your replies.
Kind regards,
Joan Llaully
Hi Joan
There are basically 3 different areas to your question.
i) FTPS is basically FTP over SSL/TLS which is analogous to HTTPS (HTTP over SSL/TLS). If the external party is hosting the FTPS server, then they need to send to you their public SSL certificate and you need to import the Root CA cert into TrustedCA view in your NWA key storage. This is in order to achieve mandatory server authentication for FTPS. Refer to the following blog on configuration of the FTPS protocol.
ii) Client authentication is an optional feature. It basically means you can use a certificate to "represent" yourself when logging in to the FTPS server, instead of the common user/password approach. If the external party's requirement is to use client authentication, then you need to provide your public X.509 certificate for them to import into their server.
iii) Encryption of the file content via PGP is independent of the transport protocol (i.e. FTPS in your case). Encryption is achieved using Adapter modules in the communication channel. Your PI 7.11 system needs to be on at least SP08 in order to install the Secure Connectivity Add on that contains the PGP module. Refer to the following on how to use the encryption module.
You need to encrypt based on the external partner's public PGP key, so they need to share that with you. Only if they require a PGP signature when you encrypt do you also need to share your public PGP key with the partner.
Hope this helps. Let me know if you require more information.
Rgds
Eng Swee
Hi Eng, your reply was very helpful. Now I am doing some tests and I'm getting this generic error: "Peer certificate rejected by ChainVerifier".
As far as I could research, the most probable cause is the way the certificate is installed (this task was not done by me).
Could you give me more clarity on how I have to install certificates? By the way, my certificate has a CA chain.
I am a little confused between the public SSL certificate and the Root CA cert, and where each one has to be installed.
Kind regards,
Joan Llaully
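The following is an added example, not part of the thread and not SAP PI code: it uses the OpenSSL command line (an assumption, in place of the PI key storage and its ChainVerifier) to show how the outcome of server certificate verification depends on which CA certificates the client trusts when the server certificate has a CA chain. All names, keys and certificates are constructed locally by the script.

```shell
#!/bin/sh
# Constructed demo: every name, key and certificate here is generated locally.
set -u

make_chain() {   # $1 = empty working directory
  cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = CA:FALSE
EOF
  # Self-signed root CA: the certificate a client imports as a trusted CA.
  openssl req -x509 -config "$1/demo.cnf" -extensions ca_ext -newkey rsa:2048 -nodes \
    -keyout "$1/root.key" -out "$1/root.pem" -subj "/CN=Demo Root CA" -days 30 2>/dev/null || return 1
  # Intermediate CA signed by the root, then the server certificate signed by the intermediate.
  issue "$1" int "Demo Intermediate CA" root ca_ext   || return 1
  issue "$1" srv "ftps.partner.example" int  leaf_ext || return 1
}

issue() {        # $1 dir, $2 name, $3 CN, $4 issuer name, $5 extension section
  openssl req -new -config "$1/demo.cnf" -newkey rsa:2048 -nodes \
    -keyout "$1/$2.key" -out "$1/$2.csr" -subj "/CN=$3" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" -CAcreateserial \
    -extfile "$1/demo.cnf" -extensions "$5" -days 30 -out "$1/$2.pem" 2>/dev/null
}

check() {        # $1 trusted CA file, $2 cert to verify, optional $3 certs sent by the peer
  if openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" >/dev/null 2>&1
  then echo accepted; else echo rejected; fi
}

demo() {
  d=$(mktemp -d); make_chain "$d" || { echo "openssl failed"; return 1; }
  echo "trust root, server sends only its own cert : $(check "$d/root.pem" "$d/srv.pem")"
  echo "trust root, server also sends intermediate : $(check "$d/root.pem" "$d/srv.pem" "$d/int.pem")"
  cat "$d/root.pem" "$d/int.pem" > "$d/both.pem"
  echo "trust root + intermediate                  : $(check "$d/both.pem" "$d/srv.pem")"
  rm -rf "$d"
}

demo
```

The first case is rejected because the verifier cannot build a path from the server certificate to a trusted CA; the other two are accepted because the intermediate is available, either sent by the peer or present in the trust store.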